I am using the Permissions API to retrieve the access token and token secret in order to create the “X-PAYPAL-AUTHORIZATION” header to process the Refund operation. In order to create the header, I am using the PayPal SDK (OAuthSignature.getFullAuthString).
Should I be persisting the access token and token secret and creating the header each time I make an API call?
Or is the header (the String returned by getFullAuthString) reusable forever?
Thanks
In theory you should generate the header every time you make the call, because it has a limited lifespan.
In practice, PayPal never expires the authorization header, so you can re-use it.
They might fix it some day, so it’s better to stick to the standards, and generate a new header each time.
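The pattern recommended above, as an added example that is not part of the original thread or the PayPal SDK: persist the token and token secret, sign a fresh timestamped header for every call, and see how a server that enforces freshness would reject a cached one. The OAuth 1.0-style HMAC-SHA1 signing, the function names, the 300-second window and all sample values are assumptions for illustration, not PayPal's exact algorithm.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

MAX_AGE = 300  # assumed freshness window in seconds (not a PayPal value)

def _sign(api_user, api_password, token, token_secret, method, url, ts):
    # OAuth 1.0-style base string: METHOD & encoded URL & encoded sorted params
    params = {
        "oauth_consumer_key": api_user,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": ts,
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    joined = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), quote(url, safe=""), quote(joined, safe="")])
    key = f"{quote(api_password, safe='')}&{quote(token_secret, safe='')}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_header(creds, token, token_secret, method, url, now=None):
    """Build a fresh header for one call from the persisted token and secret."""
    ts = str(int(time.time() if now is None else now))
    sig = _sign(creds["user"], creds["password"], token, token_secret, method, url, ts)
    return f"token={token},signature={sig},timestamp={ts}"

def verify_header(header, creds, token_secret, method, url, now):
    """Server-side check: signature must match and timestamp must be recent."""
    try:
        fields = dict(part.split("=", 1) for part in header.split(","))
        ts = int(fields["timestamp"])
        expected = _sign(creds["user"], creds["password"], fields["token"],
                         token_secret, method, url, str(ts))
        ok = hmac.compare_digest(expected, fields["signature"])
    except (KeyError, ValueError):
        return False
    return ok and abs(now - ts) <= MAX_AGE

# Constructed sample values, not real credentials or endpoints.
CREDS = {"user": "api_user_example", "password": "api_password_example"}
TOKEN, SECRET = "ACCESS-TOKEN-EXAMPLE", "TOKEN-SECRET-EXAMPLE"
URL = "https://api.example.test/Refund"

if __name__ == "__main__":
    fresh = build_header(CREDS, TOKEN, SECRET, "POST", URL, now=1_000)
    print(verify_header(fresh, CREDS, SECRET, "POST", URL, now=1_100))   # within window
    print(verify_header(fresh, CREDS, SECRET, "POST", URL, now=10_000))  # cached, stale
```

Only the token and token secret need to be stored (encrypted at rest); the header string itself is derived per request and never needs persisting.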