improved

Authentication API - Improved bearer token

Changed the nature of bearer token from one-time use to stable tokens

High-level description

The tokens used to access Personio's Public API endpoints have been changed from a one-time use token to a stable token that remains unchanged for a period of 24 hours. Please note that the stable token will also be returned in the header of a successful API response, exactly like the one-time use token; the only difference is that the token returned in the response header is the same stable token rather than a new one. Therefore, no integration change is needed to accommodate this change from an existing Personio API user's perspective.

Technical description

The new stable tokens will begin with a 'papi-' prefix and will be generated from the Authentication endpoint using the client credentials (Client ID and Secret) that are present in a user's Personio account. Once a stable token is generated from the Auth endpoint, it will last for a period of 24 hours from its moment of generation, and therefore the same stable token will be returned for a specific pair of credentials for 24 hours. As noted above, the same stable token will also be provided in the response header of a successful API call.

The stable token can be used for parallel connections to multiple Personio endpoints and helps to minimize the need for token rotation scripts and/or sub-routines.
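The following client is an added example (it is not Personio's own SDK or code from this changelog) that shows how an integration can take advantage of the behaviour described in the two sections above: it requests a token once with the client credentials, caches it for the 24-hour lifetime, sends it as a bearer token on every call (including calls made in parallel), re-authenticates once if the API rejects it, and accepts the token echoed in the response header. The auth endpoint URL, the JSON request body and the `{"data": {"token": ...}}` response shape are assumptions and should be checked against the API reference; the transport is injectable so the client can be exercised offline.

```python
"""Cache and reuse a stable 24-hour bearer token (added example, not Personio's code).

Assumed (not stated on the page): the auth URL, the JSON request body, and the
response shape {"success": true, "data": {"token": "papi-..."}}. All configurable.
"""
import json
import threading
import time
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 24 * 60 * 60  # the page states the token is stable for 24 hours
TOKEN_PREFIX = "papi-"            # the page states stable tokens begin with this prefix

# A transport takes (method, url, headers, body) and returns (status, headers, body).
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]],
                     Tuple[int, Dict[str, str], bytes]]


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     body: Optional[bytes]) -> Tuple[int, Dict[str, str], bytes]:
    """Real HTTP transport built on the standard library (not used by the offline test)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


@dataclass
class StableTokenClient:
    client_id: str
    client_secret: str
    auth_url: str = "https://api.personio.de/v1/auth"  # assumed endpoint; verify in the docs
    transport: Transport = urllib_transport
    clock: Callable[[], float] = time.time             # injectable so tests can move time
    auth_calls: int = field(default=0, init=False)     # how often we hit the auth endpoint
    _token: Optional[str] = field(default=None, init=False)
    _issued_at: float = field(default=0.0, init=False)
    _lock: threading.Lock = field(default_factory=threading.Lock, init=False)

    def token_is_fresh(self) -> bool:
        """True while the cached token is inside its 24-hour lifetime."""
        return self._token is not None and (self.clock() - self._issued_at) < TOKEN_TTL_SECONDS

    def get_token(self) -> str:
        """Return the cached token, or fetch a new one with the client credentials."""
        with self._lock:  # parallel callers share one token instead of racing to re-auth
            if self.token_is_fresh():
                return self._token
            body = json.dumps({"client_id": self.client_id,
                               "client_secret": self.client_secret}).encode()
            status, _hdrs, raw = self.transport(
                "POST", self.auth_url, {"Content-Type": "application/json"}, body)
            if status != 200:
                raise RuntimeError(f"authentication failed with HTTP {status}")
            token = json.loads(raw)["data"]["token"]
            if not token.startswith(TOKEN_PREFIX):
                raise RuntimeError("unexpected token format; expected a 'papi-' prefix")
            self._token, self._issued_at = token, self.clock()
            self.auth_calls += 1
            return token

    def request(self, method: str, url: str, body: Optional[bytes] = None) -> Tuple[int, bytes]:
        """Call an API endpoint with the bearer token; re-authenticate once on 401."""
        status, hdrs, raw = self.transport(
            method, url, {"Authorization": f"Bearer {self.get_token()}"}, body)
        if status == 401:
            with self._lock:
                self._token = None  # token rejected server-side: drop the cache and retry once
            status, hdrs, raw = self.transport(
                method, url, {"Authorization": f"Bearer {self.get_token()}"}, body)
        # The page states a successful response echoes the stable token in its header.
        # Normally it equals the cached one; if it ever differs, adopt it as a fresh token.
        echoed = hdrs.get("Authorization", "")
        if echoed.startswith("Bearer ") and echoed[len("Bearer "):] != self._token:
            with self._lock:
                self._token, self._issued_at = echoed[len("Bearer "):], self.clock()
        return status, raw


if __name__ == "__main__":
    # Real use: credentials come from the environment, never from source control.
    import os
    client = StableTokenClient(os.environ["PERSONIO_CLIENT_ID"], os.environ["PERSONIO_CLIENT_SECRET"])
    print(client.request("GET", "https://api.personio.de/v1/company/employees")[0])
```

Because the same token is valid for a full day and for concurrent connections, the lock only matters at the moment the cache is empty or expired; after that every worker thread reads the cached value without contacting the auth endpoint, which is the "no rotation script needed" property the changelog describes.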