Token expiration in the Knowledge Advanced REST API
Answer ID 11743   |   Last Review Date 11/03/2020

Can I extend the duration for userToken and integrationUserToken validity?

Environment:

Knowledge Advanced REST API, all versions, on any Oracle B2C Service site with the optional Knowledge Advanced component.

Resolution:

Authentication tokens in the Knowledge Advanced REST API are valid for 24 hours from the time of issue. This is not configurable. Below you will find some best practices for token management within your customizations.

Request a new token when your token is expired.

When your client application receives an error response indicating that a token has expired, it should request a new one. Generally, these messages have an error code beginning with OK-SESSION, as in the following example response.

{
  "error" : {
    "title" : "Session Token has expired",
    "errorPath" : null,
    "errorCode" : "OK-SESSION0003",
    "type" : "VALIDATION",
    "detail" : null
  },
  "errorDetails" : [ ]
}

Cache tokens to avoid excessive authentication requests.

Requesting a new userToken and/or integrationUserToken for every request will add unnecessary load to the servers. You should cache them on the application side. In Customer Portal specifically, see the answer Storing client side session data for Knowledge Advanced Customer Portal widgets for additional information.

Do not use a "generic user" for user interactions with the API.

If you use the same userToken to retrieve content for many different users, you will cause problems, especially with learned link functionality. The userToken, when supplied, should be appropriate to the current logged-in user.
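
The three practices above can be combined in one client-side helper. The following is an added example, not Oracle's code: it caches one token per logged-in user, reuses it until shortly before the 24-hour limit, and requests a new one once when a response carries an OK-SESSION error code. The authenticate and send callables, the class and function names, and the five-minute refresh margin are assumptions; supply your own functions that make the actual API calls.

```python
import time

TOKEN_LIFETIME = 24 * 60 * 60  # tokens are valid for 24 hours from issue
REFRESH_MARGIN = 5 * 60        # assumption: renew slightly early to avoid racing expiry


def is_session_error(body):
    """True when a parsed JSON response has an errorCode beginning with OK-SESSION."""
    error = body.get("error") if isinstance(body, dict) else None
    code = error.get("errorCode") if isinstance(error, dict) else None
    return isinstance(code, str) and code.startswith("OK-SESSION")


class TokenCache:
    """In-memory cache holding one token per user, never a shared generic token.

    authenticate(user_id) is a hypothetical caller-supplied function that
    requests a fresh token from the API and returns it as a string.
    """

    def __init__(self, authenticate, clock=time.time):
        self._authenticate = authenticate
        self._clock = clock
        self._tokens = {}  # user_id -> (token, issued_at)

    def get(self, user_id):
        """Return the cached token, authenticating only if it is missing or stale."""
        entry = self._tokens.get(user_id)
        if entry and self._clock() - entry[1] < TOKEN_LIFETIME - REFRESH_MARGIN:
            return entry[0]
        return self.refresh(user_id)

    def refresh(self, user_id):
        """Discard any cached token for this user and request a new one."""
        token = self._authenticate(user_id)
        self._tokens[user_id] = (token, self._clock())
        return token

    def call(self, user_id, send):
        """Run send(token); on an OK-SESSION error, refresh once and retry.

        send(token) is a hypothetical function that performs the API request
        and returns the parsed JSON body. A single retry prevents a loop if
        the new token is rejected as well.
        """
        body = send(self.get(user_id))
        if is_session_error(body):
            body = send(self.refresh(user_id))
        return body
```

The same cache can hold the integrationUserToken under a fixed key of its own, since it is not tied to an individual end user.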

OAuth2 support

Instead of a userToken in the kmauthtoken header, you may choose to use an OAuth2 bearer token. You will still need to generate the integrationUserToken and supply it with requests. See the documentation for your product version (Documentation for Knowledge Advanced) and Answer 11710: Constructing the JWT for OAuth2 user authentication in Knowledge Advanced for more information.