Reputation: 1473
Braintree client token expiration
In Braintree, When I generate a client token with a $customerId, how reliable is it to save that client token to database and re-use it later on?
I always have a user corresponding to a $customerId and it would greatly reduce the number of calls to Braintree if I could re-use the token.
Does the token ever expire? There is no mention of that in the official docs.
Thanks a lot!
Upvotes: 6
Views: 3550
Answers (3)
Reputation: 2334
The client token is a JWT. You'll need to base64 decode, to view the authorizationFingerprint. Then, split the authorizationFingerprint using ".", as the delimiter, and base64 decode the [1] position of the resulting array, and you'll see the "exp" param.
Upvotes: 1
Reputation: 21
This was a thing before 2019. In 2019 they changed the client token behavior so now it is granted for 24 hours and can be reused unless it was granted for specific CustomerId https://www.braintreepayments.com/blog/changes-to-client-tokens-are-coming/
Upvotes: 2
Reputation: 417
Full disclosure: I work as a developer for Braintree
The client token is not intended to be reused and will be revoked if a single client token is used multiple times in a short time span. You can read more about the client token in this part of the Braintree documentation.
Upvotes: 7
Related Questions
- PHP Braintree - create flow with Recurring Billing without using Subscriptions
- PayPal Braintree integration - what is the access token?
- Not able to setup up a quick test for braintree example
- Generating Braintree client token in advance
- Payment method nonce or token
- Client token not generated in AWS Server for Sandbox account
- Braintree Dropin UI does not work with Ionic Framework unless force refresh
- Braintree ios + java transaction API returns 403