SOLVED

Marketo API Token best practices?

Go to solution
Highlighted

Marketo API Token best practices?

Hi everyone,

I'm building our connection to the API as we're just rolling out Marketo. I had a question about how to handle the token validation. 

Is the best practice to:

- hit the identity endpoint and check for a valid token each time?

- hit the identity endpoint, save when I hit it into a variable, and check if it's been an hour before every call?

- just look for a 601/602 error and if one gets returned, get a new token and try again?

Also, is the validity of the token only checked when my request comes in? As in, if I send a request with 1 second left and it takes 2 seconds, will my request complete successfully? 

Thanks!

Tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: Marketo API Token best practices?

  • hit the identity endpoint, save when I hit it into a variable, and check if it's been an hour before every call?
  • just look for a 601/602 error and if one gets returned, get a new token and try again?

A hybrid of these 2.

Definitely do not get a preemptively new token every time -- not only is this crazy overhead, it won't even work because you'll still have a race condition.

Cache the token optimistically and store the approximate age with it. But don't forcibly fetch a new token until it's at least 61 full minutes old. Trying to guess around the exact 60m mark is hopeless -- if it's under 61m, just send the request with the cached token, check for the error, and get a new token then if necessary.

Also, is the validity of the token only checked when my request comes in? As in, if I send a request with 1 second left and it takes 2 seconds, will my request complete successfully?

Yes, it's checked at the outset & the request won't error out in the middle of execution.

View solution in original post

2 REPLIES 2
Highlighted
Level 10 - Community Moderator

Re: Marketo API Token best practices?

  • hit the identity endpoint, save when I hit it into a variable, and check if it's been an hour before every call?
  • just look for a 601/602 error and if one gets returned, get a new token and try again?

A hybrid of these 2.

Definitely do not get a preemptively new token every time -- not only is this crazy overhead, it won't even work because you'll still have a race condition.

Cache the token optimistically and store the approximate age with it. But don't forcibly fetch a new token until it's at least 61 full minutes old. Trying to guess around the exact 60m mark is hopeless -- if it's under 61m, just send the request with the cached token, check for the error, and get a new token then if necessary.

Also, is the validity of the token only checked when my request comes in? As in, if I send a request with 1 second left and it takes 2 seconds, will my request complete successfully?

Yes, it's checked at the outset & the request won't error out in the middle of execution.

View solution in original post

Highlighted

Re: Marketo API Token best practices?

Thanks, this was helpful