todoubled
commented
9 years ago Right now there's a new SAML assertion to get a new OAuth token for every API call, although this could probably be optimized for the hour like you mention. I don't think there's any harm in overissuing OAuth tokens but I only say that because of how much I've been hammering it while testing locally. They don't mention it in the docs either, just that you can't reuse one OAuth token for more than an hour.
Do you sign the assertion for every request to API server? Since oauth token is good for an hour, should there be a SAML request with every CAD api request?