What Are Delegation Tokens?

Delegation tokens grant an application access to perform operations on behalf of a SmartVault user. You can obtain a delegation token by redeeming the client token you receive after the user authorizes your application. If the request is successful, you will receive the token, the expiration in seconds, and the user ID.  It should be stored on your application for use when making authenticated API calls to SmartVault.

How Long Do Delegation Tokens Last?

Delegation tokens have a lifetime of 14 days. SmartVault will not handle the lifetime of tokens or notify you when a token has expired. You should write your code to handle their lifetime and make a request for a delegation token before it expires.

If a call is made to SmartVault’s API with an invalid token, SmartVault will respond with a 400 status code and an a response which will include a ‘invalid_token’ error. Remember that delegation token will not work if the user has revoked an application’s access or if it has expired. Be sure to detect and handle any of these situations in your application’s source code.