Cron job Refresh Token

what is [‘endOfLife’]? is this expiration date/time of generated access token or refresh token?

Never hear of ‘endOfLife’…where are you getting that from? The field name returned is ‘expires_in’

this is after initial granting access when IS popup appears to authenticate app to access IS application

ok i figured out, its expiration time of the access token, here is my workflow:

1- i have successfully generated first access and refresh token via manual connection (where IS popup appear)
2-Stored these tokens in DB along date/time of generation and expiration time
3- Added cronjob on server to run every 5 minutes (to test the auto generation of new tokens) and if passed 5 minutes passed from previously stored date/time of token generation, new tokens are successfully generated and stored in DB and so on.
4- Now i will change cronjob to run every hour and if 20 hours of token generation time passed, new tokens will be generated and stored in my DB

Question: My question is that should i fetch access token from DB to replace my API key in existing apps or anything else needed?

Thanks all for replying and helping me!!!

You don’t need to switch from Legacy API Key to OAuth Access Token for every application immediately, but we will eventually end-of-life the Legacy form of authentication, so it would be prudent to at the least ensure that you are using the current method going forward.

1 Like

Uptill now i have successfully generated and stored tokens in my DB, i was trying to test basic PHP code to add contact with duplicate check but not sure how to get success:

require_once 'vendor/autoload.php';
$infusionsoft = new Infusionsoft\Infusionsoft(array(
    'clientId'     => 'xxx',
    'clientSecret' => 'xxx',
    'redirectUri'  => 'xxx',
$accesstoken = 'xxx'; //Rerieved from DB

if (isset($_SESSION['token'])) {
	echo 1;

if ($infusionsoft->getToken()) {
	$_SESSION['token'] = serialize($infusionsoft->getToken());
    $contact = array('FirstName' => 'Test', 'LastName' => 'Test', 'Email' => '');

   $infusionsoft->contacts->addWithDupCheck($contact, 'Email');

    $contact = $infusionsoft->contacts->load($cid, array('Id', 'FirstName', 'LastName', 'Email'));

	echo 2;

else {
    echo 'Token Expired, Get new ones';

Hello pagedesigner

I am not getting new token on specfic time. May be my cronjob time is wrong.
Could you please give the cronjob code that you have created. I am happy if you help me out.

Hi Geek_Tech can you explain how you are storing the tokens and what cron commad you are using it varies from server to server, just ask you hosting provider to provide proper cron command,

Here is what im doing:
1- Manually authenticate my IS platform to give tokens to OAuth app.
2- I store retrieved details to DB (the return field contains expiry date/time, i store this along the date/time at which tokens are generate)
3- created another file which retrieves token generation date/time and refresh token from DB which was stored in step2 and posts refresh token and other required parameters to IS when 20 hours passed from initial token generation date/time, i run cron command every hour to this file to check 20 hours passed or not, if passed it posts requests to IS.
4- IS post back new tokens with expiration time remaining (its 24 hours at the time of generation) of new token, i add this remaining time to current time when these token were generated and overwrite both in DB

I hope this helps in explaining how i manage to do this and working fine for me. Im having issue using this in PHP code given above.

Umm… From my experience if things are setup right there is no need for a cron job at all. Just refresh the access token when the code is used using the refresh token and update database… You can only use refresh token once… Then u get a new one and u can use that once… Etc. This may help? Sample PHP Project with OAuth


@Jacob_Kerr that’s also a good strategy

@pagedesigner thanks My Refresh token probem is resolved.

1 Like

There are situations where the inline refresh doesn’t work if you can’t/don’t synchronize the call to do the token refresh. Some people find the cron is easy to implement over synchronizing your refresh. I prefer the synchronized refresh personally.

@TomScott Is refreshing the Refresh Token once a month a requirement? I’m already using the “try catch” method you suggest and refresh when needed using refreshAccessToken(). My app ends up running refreshAccessToken() about once a day. Is that sufficient or is there another method I need to be executing?

Refresh Tokens have a six-month lifetime, which means that if you have a user account that is not used within that window, it will lapse. Doing a cron-based refresh on each token inside that window prevents the authentication from expiring and having to require a re-authorize by the user.

its interessting, because i get the same field back:


endOfLife = 1530298678 its a date? or seconds when ended, no documentation found about returning data.

i am using php-sdk, but i found no information how to interpret this field.

$tokenInfo = $client->request('POST', $this->tokenUri, [
        'body'    => http_build_query($params),
        'headers' => ['Content-Type' => 'application/x-www-form-urlencoded']

any infomation?

The OAuth Spec spcifies the expires_in field returned in the token response is the duration of seconds. I would need to look at the php-sdk to see how that endOfLife is calculated exactly. From the looks of the number though it looks like epoch of when it expires.

1 Like

ok, i’ve got this information from source code:

if (isset($data['expires_in']))
		$this->setEndOfLife(time() + $data['expires_in']);

so the endoflife is the datetime when token expires.

i have some questions on the refreshToken?

in which time the refreshToken is valid? Can i use it, when the accesToken is expired, e.g. for 3 days? Or do i need a new requestAccessToken? Or do i need a complete new authorization process?

When using refreshToken, i get a complete new Token Object back, right? So i have to update my DB-Object.

I’m asking because i get en exception trying refreshToken before expiring, so i am asking mysels, what happens when a cron job is throwing 23 hours exceptions an in the worst case, all other request, may ca not be executed for e.g. 58 minute, waiting for the next cronjob updating token.

So why not refreshing it when a request need a new token? performance, …?

Refresh Tokens are good for 6 months and are single user. When you use a refresh to get a new access token then a brand new refresh token will be issued and the previous one will be invalidated. I am not exactly sure what you are saying that the refresh token fails until it expires. Please follow up if my answer is not sufficient.