Make sure that your code follows the rules below:
- Store your tokens securely in your database, always in the same row. You can associate these with an internal user_id you create or with our credentials_id (which you can retrieve from the /me endpoint).
- Associate one user’s connection to a bank with a matching pair of tokens (access_token and refresh_token)
- Save your pair of tokens in one place only
- Make sure that other parts of your application read your tokens from the same place
- Replace the old access_token with the new one after every refresh
- Renew tokens periodically or prior to a big batch of data requests
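The rules above can be combined into a single token store, shown here as an added example that is not part of the original documentation. It assumes SQLite; the table name bank_tokens, the function names and the refresh callable (a stand-in for your call to the token endpoint) are hypothetical.

```python
import sqlite3
import time

SCHEMA = """
CREATE TABLE IF NOT EXISTS bank_tokens (
    credentials_id TEXT PRIMARY KEY,   -- one row per user-to-bank connection
    access_token   TEXT NOT NULL,
    refresh_token  TEXT NOT NULL,
    expires_at     REAL NOT NULL       -- unix time at which access_token expires
)"""


def open_store(path=":memory:"):
    # Assumption: encryption of the token columns at rest is handled separately.
    db = sqlite3.connect(path, isolation_level=None)  # autocommit; explicit transactions below
    db.execute(SCHEMA)
    return db


def save_tokens(db, credentials_id, access_token, refresh_token, expires_in, now=None):
    """Write the pair together so a row never mixes tokens from different grants."""
    now = time.time() if now is None else now
    db.execute("INSERT OR REPLACE INTO bank_tokens VALUES (?, ?, ?, ?)",
               (credentials_id, access_token, refresh_token, now + expires_in))


def get_access_token(db, credentials_id, refresh, skew=60, now=None):
    """Single read path for every caller; renews when the token is near expiry.

    `refresh` is a hypothetical callable wrapping the token endpoint:
    refresh(refresh_token) -> (access_token, refresh_token, expires_in).
    """
    now = time.time() if now is None else now
    db.execute("BEGIN IMMEDIATE")  # write lock: two workers cannot refresh one row at once
    try:
        row = db.execute("SELECT access_token, refresh_token, expires_at FROM bank_tokens "
                         "WHERE credentials_id = ?", (credentials_id,)).fetchone()
        if row is None:
            raise KeyError(credentials_id)
        access, refresh_tok, expires_at = row
        if expires_at - now <= skew:
            access, refresh_tok, expires_in = refresh(refresh_tok)
            save_tokens(db, credentials_id, access, refresh_tok, expires_in, now)
        db.execute("COMMIT")
        return access
    except Exception:
        db.execute("ROLLBACK")  # a failed refresh leaves the stored pair untouched
        raise
```

Calling get_access_token before a large batch of data requests, with a larger skew, covers the "renew prior to a big batch" rule without a second code path.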
You can see a visualisation below:
More
If you need more information...
For more details on the best practices for managing your tokens, check this blog post here.