Options

API changes — token sharing policy for third party apps

RaunakRaunak
edited June 2022 in API Change Announcements

Dear developers,

We’ll be making changes to the token sharing policy for third-party applications on 13 June 2022.

Our new validation rule will only grant access if the token used during the API call is created for the same app. The call itself remains unchanged.

Call

{
  "authorize": "a1-jilip7T3KdWcR6vpkJwvp9j"
}

Response

{
  "echo_req": {
    "authorize": "<not shown>"
  },
  "error": {
    "code": "InvalidToken",
    "message": "Token is not valid for current app ID."
  },
  "msg_type": "authorize"
}

Please make any necessary changes to your code.

If you have any questions, contact us at api-support@deriv.com.

Thank you.

Tagged:
· Share on Facebook

Comments

  • Options
    deriv_api_supportderiv_api_support

    Dear developers,

    The above change only affects OAuth tokens and not the API tokens that are provided by your clients.

    If your app uses OAuth tokens for authorisation purposes, please ensure the app_id in the query string matches the app_id used to connect to WebSocket.

    For example, the app_id used in the following URLs should be exactly the same:

    Please contact us at api-support@deriv.com if you have further questions.

    · Share on Facebook
Sign In or Register to comment.