From Collaborate version 5.2 the option to set access token expiration for three months, six months or a year will be removed. The reasons for this are:

  • to avoid situations where an access token and refresh token both expire at the same time
  • because access tokens become less secure the longer expiration they have

The maximum the access token can be set from version 5.2 is one month. Any existing API tokens configured to expire after a month will expire and the access token configuration for API application registration will be reset to expire after a month. 

An API client who has already coded the OAuth workflow correctly should have no problem with this change as the refresh token should be used to obtain the access token on expiration. Any API clients who have not coded the refresh token workflow will need to implement the refresh token workflow or manually generate the access token to allow their application to continue working. 

Please note that this change was introduced in Collaborate 4.4 and later reverted based on partner feedback. This is now scheduled for our Collaborate 5.2 release which is coming later this year. This will give our partners enough time to manage the token expiration workflow as recommended with OAuth2 standards. 

  • Since posting this announcement we have discussed this change with few integrators and they have confirmed compliance with the integration standard. If any integrator has any concerns with this change then please comment on this post.

    Please note that refresh token implementation is a required feature of our API compliance standard, and we request all integrations to use refresh token to comply with security standards.

    Thank you.