Few things about access token

I would like to know few things about spark access token.

  1. Is there an expiry date of an access token?
  2. Can I have more than 1 access token for a single core?
  3. If I generate a new access token by calling https://api.spark.io/oauth/token is the new token will be listed in Spark Build?
  4. For an mobile or web app that is private to me, is it a good practice to store the token locally?


  1. Currently the access tokens have an expiration date of 90 days.
  2. The access tokens is for your Spark account, not for a single Core.
  3. As far as I’m aware, the Build IDE will show you your current access token, so if you request a new one, it will replace the previous one.
  4. If you’re the only user of the app, then it probably doesn’t hurt to just store it locally. For added security, you could make use of PHP files to hide it, but that probably isn’t necessary. There is a topic on the forum though, should you be interested.

Does this mean that the replaced token is no longer valid??

Suppose I have a mobile application that I use to control my core. AS you said it expires every 90 days do I need to invoke the spark auth url to create a new token every 90 days or before that??

You need a valid access token to be able to control your Sparks, so it’s perhaps best to renew them before they expire, to avoid any problems. Access tokens have been an ongoing discussion for a while, and I believe the nice folks at Spark HQ are looking at ways to improve them.

I’m not entirely sure on this one, so I thinks it’s best to call in some help: @harrisonhjones, @kennethlimcp

1 Like


1.) The access token generated lasts for 30 days

2.) You can have more than one access token for an account. There is currently no access token control that allows you to manage specific cores.

This might and should change in the future when more features are released by spark

3.) The token in the Web IDE is generated for Web IDE itself. Generating a new token via API does not change the parameter and will not be shown.

You can use the API to list and manage all the tokens available for your account

4.) Tokens are meant to serve that purpose where the server have the decision to revoke the token should there be a need. (eg. 30 days trial expired)

You can safely store them locally :wink:

Hope this helps!

Thanks a lot @Moors7 & @kennethlimcp.

Few more things I would like to know:

  1. is is there any way to test if a token is valid or not?
  2. How many active tokens can I have simultaneously?

I don’t remember of an API endpoint that allows you to do so but just query https://api.spark.io/v1/devices and it should say invalid access token if the token has expired

Thanks will try that. About the second question is there any limitation to the number of active tokens?

I don’t think so but we probably need an official reply :slight_smile:

1 Like

When I was playing with java script to issue tokens I had 50+ token at same time without any problems


Thanks @zerous

Its good to know

This is a helpful discussion. Can anybody discuss how existing Spark based products (dog feeder, sous vide, etc.) work from a user experience? Are purchasers required to set up an account with Spark? Can the provider of the product manage the entire experience? Thanks in advanced!

I was also wondering the same.
Lets see if anybody has an answer.

This is the kind of info I was specifically reading this thread for. So if someone can elaborate on how to handle things like access codes and IDs in a commercial (i.e.: not sitting on my development bench), I would love to read it.

@MarkSHarrisTX I think the new we just heard from the Spark Team seems to indicate that this will be addressed in the forthcoming Fleet Management functionality. Fingers crossed!

Thanks. Not sure what a “Fleet Management functionality” might include, but I’ll go search it out.

It means managing the devices in bulk easily :smile:

For example…maybe a mass OTA update to all your devices!

1 Like