Authentication
Implementing caching for JWT tokens can be a valuable strategy for improving performance and reducing network traffic in systems that rely on token-based authentication. By temporarily storing access tokens in cache, clients can avoid the need to request new tokens for each API call, as long as the tokens remain within their validity period.
To ensure the security of cached tokens, it is essential to follow some best practices. First, JWT tokens should be securely stored on the partner's side, preventing unauthorized access to resources. Additionally, the credentials and certificates used to obtain the tokens must be adequately protected.
When choosing between local and shared cache, it is important to consider the specific requirements of the system, including security, scalability, and consistency. While local cache provides quick access, it is volatile and can be lost in the event of a system restart. On the other hand, distributed cache is suitable for distributed environments, ensuring consistency and availability of tokens throughout the environment.
When setting up a distributed caching system, it is crucial to implement adequate security measures to protect stored authorization tokens. This includes encrypting data both at rest and in transit, as well as monitoring for suspicious activities.
Furthermore, it is essential to implement an automatic token renewal mechanism to ensure that tokens are refreshed before they expire. This can be achieved through automatic re-authentication when a token is about to expire.
To address concurrency issues when accessing and updating authorization tokens in distributed cache, it is advisable to implement concurrency control mechanisms, such as locks, mutexes, atomic transactions, and version control. These mechanisms ensure data consistency in the cache and avoid issues like race conditions and data inconsistencies.
Access Token Request
Remember that you must first configure the MTLS certificate.
Once the access token is obtained, you can use it to authenticate API calls for the number of seconds given in the "expires_in" field of the response.
Request
```shell
curl --location 'https://api.pix.pagstar.com/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=<your_client_id>' \
  --data-urlencode 'client_secret=<your_client_secret>' \
  --data-urlencode 'grant_type=client_credentials'
```
Response
```json
{
  "access_token": "eyJhbGciOi…",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 1680810673,
  "scope": "profile email qrcodes"
}
```
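The following is an added example, not Pagstar's own client code, that ties the guidance above together: it performs the token request over mTLS with the standard library, converts the relative `expires_in` from the response into an absolute expiry, renews the token a safety margin before it expires, and uses a lock so that concurrent callers share one in-flight refresh instead of each requesting a new token. The `TokenCache` class, the 30-second margin, the `fetch_token_from_pagstar` helper and its certificate and key paths are all assumptions of this example; the sample response is constructed from the shape shown on this page.

```python
"""Token cache with refresh-ahead and single-flight renewal (added example)."""
import json
import ssl
import threading
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

TOKEN_URL = "https://api.pix.pagstar.com/oauth/token"  # endpoint from the page


@dataclass
class CachedToken:
    access_token: str
    token_type: str
    expires_at: float  # absolute unix time, derived from the relative expires_in


def parse_token_response(body: str, now: float) -> CachedToken:
    """Pin the relative `expires_in` (seconds) to the time the response arrived."""
    data = json.loads(body)
    expires_in = int(data["expires_in"])
    if expires_in <= 0:  # never cache a token with no validity window
        raise ValueError("token response has no positive expires_in")
    return CachedToken(access_token=data["access_token"],
                       token_type=data.get("token_type", "Bearer"),
                       expires_at=now + expires_in)


def fetch_token_from_pagstar(client_id: str, client_secret: str,
                             cert_path: str, key_path: str) -> str:
    """The page's curl request over mTLS (assumed helper; needs network, not run here).

    cert_path/key_path are the partner's mTLS client certificate and private key.
    """
    ctx = ssl.create_default_context()
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    body = urllib.parse.urlencode({"client_id": client_id,
                                   "client_secret": client_secret,
                                   "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read().decode()


class TokenCache:
    """Process-local cache holding one token, refreshed `margin` seconds early.

    `fetch` returns the raw JSON body of the token response; `clock` is
    injectable so expiry behaviour can be exercised without waiting.
    The lock plus re-check makes concurrent callers wait for a single refresh
    rather than racing to request their own token.
    """

    def __init__(self, fetch: Callable[[], str], margin: float = 30.0,
                 clock: Callable[[], float] = time.time):
        self._fetch, self._margin, self._clock = fetch, margin, clock
        self._lock = threading.Lock()
        self._token: Optional[CachedToken] = None
        self.fetch_count = 0  # how many times the token endpoint was called

    def _fresh(self, now: float) -> bool:
        tok = self._token
        return tok is not None and now < tok.expires_at - self._margin

    def get(self) -> CachedToken:
        if self._fresh(self._clock()):
            return self._token
        with self._lock:
            now = self._clock()
            if not self._fresh(now):  # another thread may have refreshed meanwhile
                self._token = parse_token_response(self._fetch(), now)
                self.fetch_count += 1
            return self._token

    def auth_header(self) -> dict:
        tok = self.get()
        return {"Authorization": f"{tok.token_type} {tok.access_token}"}


# Constructed sample response mirroring the shape documented on the page.
SAMPLE_RESPONSE = json.dumps({"access_token": "eyJhbGciOi...", "expires_in": 300,
                              "refresh_expires_in": 0, "token_type": "Bearer",
                              "not-before-policy": 1680810673,
                              "scope": "profile email qrcodes"})


def demo_single_flight(n_threads: int = 8) -> int:
    """Start n threads on an empty cache simultaneously; return how many fetches ran."""
    cache = TokenCache(fetch=lambda: SAMPLE_RESPONSE)
    barrier = threading.Barrier(n_threads)

    def worker():
        barrier.wait()  # release all threads at once to provoke the race
        cache.auth_header()

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return cache.fetch_count


if __name__ == "__main__":
    print("token fetches for 8 concurrent callers:", demo_single_flight())
```

In production, pass `lambda: fetch_token_from_pagstar(...)` as `fetch`; the cache then stays local to the process, which is the simplest option the text describes. A shared cache in a distributed environment needs the same two ingredients in another form: an absolute expiry stored beside the token, and a cross-process lock or compare-and-set so that only one node performs the renewal.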