Hi Vikram,

There are two options. Using api user with api-key, or a regular user with username and password. In case of regular user you use basic authorization. There is no such a thing as logout in basic authorization. Hence there are no sessions.

Regards.

Hi Yurikuzn,

Thanks for yoru quick reply.

I am trying to minimize the admin work that will be required for using the app. The API-Key approach will require the user to first generate an API-KEY. Therefore, I had planned to go with Espo-Authorization option provided in the API:

I am using user name and password for initial login, which gets me the details of the user and also a token that I can use for subsequent API calls. So far this has worked fine. My concern is when will this token expire? Of course, I can handle session expiry in the code and re-login using the username and password that user had entered initially. Just was trying to avoid that.

Regards.

It's determined by 2 parameters at Administration > Authentication: Auth Token Lifetime and Auth Token Max Idle Time.

Once you receive 401 error you just try to obtain a new token.