Please join your peers on either March 26 (8pm GMT) or March 28 (8am GMT) to watch as user extraordinaire and forum legend @"lindsay.stevens" demonstrates OpenClinica Insight.

See preview and register at

Insight makes it easy to ask questions of ALL of your clinical and operational data and visualize answers via interactive reports and dashboards. The idea is simple, but the results are powerful: ask your questions, choose your visualizations, then return often for updated, interactive results that link you to all of the underlying data.


Hi All,

Does anyone know how long the token API Key received when calling: with a user name password construct is valid for? Or if its non expiring, under what circumstances it changes?

I have hit the API a bunch of times and keep gettign the same API Key value. I was expecting the key to be a token that would expire or would be destroyable with another api call.

The doc is here:

While it does not show any expiry or the need to log out, I was kind of expecting that as a level of security.

cheers in advance :)


  • OCStuOCStu Posts: 12
    ah - it changes at least on password change. Still don't know if it expires after a given though.
  • mvirtosumvirtosu Posts: 275

    When you are making API calls from an application that is scheduled to run on a server and stores the OC API key in a config file, it would be impractical to have to change API keys every time they expire. My two cents.

  • OCStuOCStu Posts: 12
    I hear you. However I ask because I have built interfaces for systems that enforce exactly that, as a session ID kind of thing. Quite happy not to have to invoke a login every time though :)


Sign In or Register to comment.