We think its okay to use the API Key directly during development; however, once you're in a production, we recommend generating and using auth tokens instead.
Here are some best practices for using auth tokens:
1d). This is a good balance between security and convenience. If a user has been viewing a page for over 24 hours and tries to use a Portive Cloud service, the user will receive an expired token error and will have to reload the page which will generate a new auth token.
authTokenis fetched from an API endpoint when it is needed), we recommend an expiry of 1 minute (
1m). Since the user requests the
authTokenand uses it immediately, one minute is enough time to make the request to the Portive cloud server without expiring.