user3473184

Reputation: 23

Where to store API (PayPal) access tokens on the server side (node.js)

I am using the PayPal API to set up a subscription payment on my site. I know there is the PayPal node SDK, but unfortunately they have not updated it accordingly and it is outdated when it comes to Subscriptions.

I have managed to get the access token and use it to make calls etc.; however, it does not make sense to get an access token each and every time I'm calling their API. What is the most ideal way to store the access token itself, the expiry time of the token and the time the token was created? The expiry time and the time the token was created will be used to check if the token has expired before attempting to get a new one.

I have created the below js file, which will be used via await paypal.getToken():

const request = require("request");

// clientID and clientSecret are expected to be defined elsewhere (e.g. loaded from config)

async function getToken() {
  return new Promise((resolve, reject) => {
    // Placeholder condition: the real "token expired" check goes here
    if (true /* Token expired */) {
      request.post({
        uri: "https://api.sandbox.paypal.com/v1/oauth2/token",
        headers: {
          "Accept": "application/json",
          "Accept-Language": "en_US",
          "content-type": "application/x-www-form-urlencoded"
        },
        auth: {
          'user': clientID,
          'pass': clientSecret,
        },
        form: {
          "grant_type": "client_credentials"
        }
      }, function(error, response, body) {
        if (error) {
          reject(new Error(error));
        } else {
          // Set global variable or what's best option with the access token that was obtained - JSON.parse(body).access_token
          // Set global variable or what's best option with the expiry time - JSON.parse(body).expires_in
          // Set global variable or what's best option with the current time in ms - Date.now()
          resolve(JSON.parse(body).access_token);
        }
      });
    } else {
      // resolve(config.paypal_access_token); // Retrieve access_token from global variable or what's best option
    }
  });
}

module.exports.getToken = getToken;

Upvotes: 1

Views: 784

Answers (1)

Aritra Chakraborty

Reputation: 12542

I would think the best way is to store the token in a DB as well as a datastore like Redis. This is my idea off the top of my head:

  1. Store the token, generation time and expiry in the DB. Also in the cache.
  2. Make a middleware to add the token to each request.
  3. If, let's say, the Redis server got restarted, you lose the cache; then get the data from the DB. If it is expired, reauthenticate.

Upvotes: 1
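
The lookup order described in the answer above, as an added example that is not part of the original question or answer: a fast cache in front of a durable store, falling back to the store when the cache is empty and reauthenticating only when the stored record has expired. `createTokenProvider`, `memoryStore`, `isFresh`, the `paypal_token` key and the injected `fetchToken` are hypothetical names; it assumes `cache` would wrap a Redis client, `db` a database table, and `fetchToken` the POST to the OAuth token endpoint shown in the question.

```javascript
// Added example: two-tier cache for an OAuth access token.
// The token is a bearer credential: keep it out of logs and error messages.
const KEY = "paypal_token"; // hypothetical storage key
const SKEW_MS = 60000;      // refresh a minute early so a token never expires mid-request

// A record is usable only while "now" is before createdAt + expires_in, minus the safety margin.
function isFresh(rec, now) {
  return Boolean(rec) && now < rec.createdAt + rec.expiresIn * 1000 - SKEW_MS;
}

// cache and db expose async get(key) / set(key, value); fetchToken resolves to the
// parsed token response ({ access_token, expires_in }); now is injectable for testing.
function createTokenProvider({ cache, db, fetchToken, now = Date.now }) {
  let inFlight = null; // shared promise: concurrent callers trigger a single refresh

  async function load() {
    let rec = await cache.get(KEY);
    if (isFresh(rec, now())) return rec.accessToken;

    rec = await db.get(KEY); // cache empty or stale (e.g. after a restart): ask the DB
    if (!isFresh(rec, now())) {
      const body = await fetchToken(); // expired everywhere: reauthenticate
      rec = { accessToken: body.access_token, expiresIn: body.expires_in, createdAt: now() };
      await db.set(KEY, rec);
    }
    await cache.set(KEY, rec); // repopulate the fast tier
    return rec.accessToken;
  }

  return function getToken() {
    if (!inFlight) inFlight = load().finally(() => { inFlight = null; });
    return inFlight;
  };
}

// In-memory stand-in for either tier, so the example runs offline.
function memoryStore() {
  const m = new Map();
  return { get: async (k) => m.get(k), set: async (k, v) => { m.set(k, v); } };
}
```
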
