Hi All,

Does anyone know how long the token API Key received when calling: with a user name password construct is valid for? Or if its non expiring, under what circumstances it changes?

I have hit the API a bunch of times and keep gettign the same API Key value. I was expecting the key to be a token that would expire or would be destroyable with another api call.

The doc is here: https://dev.openclinica.com/apidoc/#api-User_Account-getAccountByUserName

While it does not show any expiry or the need to log out, I was kind of expecting that as a level of security.

cheers in advance :)


  • OCStuOCStu Posts: 12
    ah - it changes at least on password change. Still don't know if it expires after a given though.
  • mvirtosumvirtosu Posts: 275

    When you are making API calls from an application that is scheduled to run on a server and stores the OC API key in a config file, it would be impractical to have to change API keys every time they expire. My two cents.

  • OCStuOCStu Posts: 12
    I hear you. However I ask because I have built interfaces for systems that enforce exactly that, as a session ID kind of thing. Quite happy not to have to invoke a login every time though :)


Sign In or Register to comment.