Make sure that your code follows the rules below:
- Store your tokens securely in your database, always in the same row
- Associate one user’s connection to a bank with a matching pair of tokens (access_token and refresh_token)
- Save your pair of tokens in one place only
- Make sure that other parts of your application read your tokens from the same place
- Replace the old access_token and refresh_token with the new ones after every refresh (refresh_tokens do not change anymore)
- Renew tokens periodically or prior to a big batch of requests
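
One way to apply these rules, as an added example that is not part of the original page or the provider's own code: a single table holds each user's token pair in one row, every caller reads through one function, and both tokens are replaced in one transaction after a refresh. The table name, the function names, the `refresh_fn` callback and the 300-second renewal margin are assumptions; the response fields `access_token`, `refresh_token` and `expires_in` follow the usual OAuth 2.0 token response.

```python
import sqlite3
import time

# Hypothetical schema: one row per (user, bank) connection holds the whole pair.
# Constructed example: tokens are stored as plain text here; encrypt them at rest in a real deployment.
SCHEMA = """
CREATE TABLE IF NOT EXISTS bank_tokens (
    user_id       TEXT NOT NULL,
    bank_id       TEXT NOT NULL,
    access_token  TEXT NOT NULL,
    refresh_token TEXT NOT NULL,
    expires_at    REAL NOT NULL,
    PRIMARY KEY (user_id, bank_id)
)"""

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def save_pair(db, user_id, bank_id, access_token, refresh_token, expires_in):
    """Write both tokens in one statement so a reader never sees a mixed pair."""
    with db:  # commits on success, rolls back on error
        db.execute(
            "INSERT OR REPLACE INTO bank_tokens VALUES (?, ?, ?, ?, ?)",
            (user_id, bank_id, access_token, refresh_token, time.time() + expires_in),
        )

def load_pair(db, user_id, bank_id):
    """The only read path: every part of the application gets tokens from this row."""
    return db.execute(
        "SELECT access_token, refresh_token, expires_at FROM bank_tokens "
        "WHERE user_id = ? AND bank_id = ?",
        (user_id, bank_id),
    ).fetchone()

def get_access_token(db, user_id, bank_id, refresh_fn, min_ttl=300):
    """Return a usable access_token, renewing first if it expires within min_ttl seconds."""
    row = load_pair(db, user_id, bank_id)
    if row is None:
        raise LookupError("no connection stored for this user and bank")
    access, refresh, expires_at = row
    if expires_at - time.time() < min_ttl:
        new = refresh_fn(refresh)  # caller-supplied call to the provider's refresh endpoint
        # Keep the stored refresh_token if the response does not return one.
        save_pair(db, user_id, bank_id, new["access_token"],
                  new.get("refresh_token", refresh), new["expires_in"])
        access = new["access_token"]
    return access
```

Calling `get_access_token` once before a large batch of requests covers the "renew prior to a big batch" rule, since the batch then starts with at least `min_ttl` seconds of validity.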
You can see a visualisation below:
If you need more information...
For more details on the best practices for managing your tokens, check this blog post here.