Reputation: 699
We're thinking about an architecture for our next app and we're having problems with passing the tokens between APIs. We'll have:
ownToken) --> (call to) third party API --> returns a JWT token (named 1token) --> After everything is ok:
ownToken Call to) own business API (If ownToken is ok, do some stuff) --> (with the 1token Call to) third party API (return some stuff) --> Show information to the user.
We want to avoid calling the third party API every time that we want information from that API, but we also don't want to show that JWT to the user (I mean localStorage, sessionStorage...).
For more information, we'll use the C# language and SQL Server as the database.
Our question:
How do you maintain 1token between APIs?
Upvotes: 0
Views: 488
Reputation: 2626
You have two different things which need to be managed:
What I would do is simply generate a 'sessionId' in the back-end which is part of the token you send to your front end. This could be an int or GUID or whatever.
I would then associate this 'sessionId' with the token retrieved from the 3rd party and store that somehow - some form of database or file storage (DB would be the obvious thing to use).
That way whenever a request comes in from your front end in your back-end code you should:
You'd have to make sure to update this association whenever you need to get new tokens, but that shouldn't be too hard.
You could also use this to make the nature of the thing a bit more async - you could return immediately to your front end with a response suggesting it's 'Working On It' then the front end could call a separate endpoint later to get the results... That way if the 3rd party link takes a while then the original request isn't left waiting too long for a response...
Upvotes: 3
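A sketch of the sessionId-to-token association described in the answer above, as an added example that is not code from either poster. It assumes .NET 6 or later; `StoredToken`, `ThirdPartyTokenStore` and the `fetch` delegate are hypothetical names, and an in-memory dictionary stands in for the SQL Server table.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading.Tasks;

// Hypothetical types; the dictionary stands in for a SQL Server table.
public sealed record StoredToken(string UserId, string Jwt, DateTimeOffset ExpiresAt);

public sealed class ThirdPartyTokenStore
{
    private readonly ConcurrentDictionary<string, StoredToken> _bySession = new();
    // Assumed delegate: calls the third party API for this user and returns (jwt, expiry).
    private readonly Func<string, Task<(string Jwt, DateTimeOffset ExpiresAt)>> _fetch;

    public ThirdPartyTokenStore(Func<string, Task<(string Jwt, DateTimeOffset ExpiresAt)>> fetch)
        => _fetch = fetch;

    // Login: obtain 1token, keep it server-side, return only the opaque id
    // that is placed in ownToken as a claim.
    public async Task<string> CreateSessionAsync(string userId)
    {
        var (jwt, expiresAt) = await _fetch(userId);
        string sessionId = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _bySession[sessionId] = new StoredToken(userId, jwt, expiresAt);
        return sessionId;
    }

    // Business API, after ownToken's signature and expiry have been validated.
    public async Task<string> GetJwtAsync(string sessionId, string userIdFromOwnToken)
    {
        if (!_bySession.TryGetValue(sessionId, out var entry) ||
            entry.UserId != userIdFromOwnToken)
            throw new UnauthorizedAccessException("Unknown session.");

        // Near expiry: fetch a new 1token and update the association.
        if (entry.ExpiresAt <= DateTimeOffset.UtcNow.AddSeconds(30))
        {
            var (jwt, expiresAt) = await _fetch(entry.UserId);
            entry = entry with { Jwt = jwt, ExpiresAt = expiresAt };
            _bySession[sessionId] = entry;
        }
        return entry.Jwt;
    }

    // Logout or revocation of ownToken: drop the stored 1token.
    public bool EndSession(string sessionId) => _bySession.TryRemove(sessionId, out _);
}
```

In a database-backed version the JWT column holds a bearer credential, so access to that table and its backups needs the same protection as any other stored secret.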