joyent / conch-ui

Web UI for Conch (https://github.com/joyent/conch-api)

authorization expires much too quickly #179

Open karenetheridge opened 4 years ago

karenetheridge commented 4 years ago

It looks like the user has to log in again every hour -- but if the user attempts to interact with the current page, errors occur from the back end that are not propagated to the user, leading to confusing results. The user needs to guess that the login has expired and force-refresh the page, perhaps reentering whatever data they were trying to submit.

Could this interval be made longer, perhaps much longer? Login tokens persist for a month (and in v3 the exact expiration time will be included in a response header), and you can also refresh the token in the background using POST /refresh_token so the user never has to re-enter their credentials (so long as their password doesn't change or their access isn't revoked by an admin).

(Also, in api v3, the login process is intentionally made computationally expensive, on the order of 4s to complete, in order to encourage the usage and retention of long-lived tokens.)
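
An added example, not part of the original issue or the conch-ui code base: one way a client could refresh its token in the background with `POST /refresh_token` and surface an expired login to the user instead of failing silently. The `Bearer` header scheme, the `{ token, expires_at_ms }` response shape and the five-minute margin are assumptions, and `makeClient`, `refreshDelayMs` and `SessionExpiredError` are hypothetical names.

```javascript
const REFRESH_PATH = '/refresh_token'; // endpoint named in the issue
const SKEW_MS = 5 * 60 * 1000;         // assumed margin: refresh 5 minutes before expiry

// Thrown when the server rejects the token, so the UI can prompt for login.
class SessionExpiredError extends Error {}

// Milliseconds to wait before refreshing; 0 means "refresh now".
function refreshDelayMs(expiresAtMs, nowMs) {
  return Math.max(0, expiresAtMs - SKEW_MS - nowMs);
}

// fetchFn is injected (window.fetch in a browser) so the logic runs offline.
function makeClient(fetchFn, initial, now = Date.now) {
  let token = initial.token;
  let expiresAtMs = initial.expiresAtMs;
  let refreshing = null; // one in-flight refresh shared by concurrent requests

  async function refresh() {
    const res = await fetchFn(REFRESH_PATH, {
      method: 'POST',
      headers: { Authorization: `Bearer ${token}` }, // assumed header scheme
    });
    // Password changed or access revoked: only a fresh login can recover.
    if (res.status === 401) throw new SessionExpiredError('login required');
    if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
    const body = await res.json(); // assumed shape: { token, expires_at_ms }
    token = body.token;
    expiresAtMs = body.expires_at_ms;
  }

  async function request(path, opts = {}) {
    if (refreshDelayMs(expiresAtMs, now()) === 0) {
      refreshing = refreshing || refresh().finally(() => { refreshing = null; });
      await refreshing;
    }
    const res = await fetchFn(path, {
      ...opts,
      headers: { ...opts.headers, Authorization: `Bearer ${token}` },
    });
    // Propagate expiry to the caller rather than swallowing the error.
    if (res.status === 401) throw new SessionExpiredError('login required');
    return res;
  }

  return { request };
}
```
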