Max number of valid access tokens for an account

[HK]

Hi,

I suspect this has been asked before, but I was unable to find an answer. We currently have four servers accessing the AdWords APIs and to avoid having to share access tokens / refresh tokens across servers, I'd like to have each server use its own set of access token / refresh tokens which they would renew every hour. How many active /(valid) access tokens / refresh tokens can we obtain for an MCC account at any given time? If you are not able to provide the exact number, could you give me a ballpark for what the number might be? (1-30, 1-50?)

Thanks in advance,

Hans

[Danial Klimkin]

Hello Hans,

OAuth2 is not specific to AdWords API and we can't set / share the exact limits here (they can also change over time). The only description I can suggest is the note here:

  https://developers.google.com/accounts/docs/OAuth2#basicsteps

From practice, access tokens can get invalidated as soon as you get a new one, but you can have multiple refresh tokens per app. We'd recommend to set up a token sharing service for such cases as this would get harder and harder with your environment scaling.

-Danial, AdWords API Team.

[Oliver]

Hi Hans,

That's an interesting question.  Have you actually already tried this setup of running 4 servers with each using its own access token?  Did you encounter any problems so far?

Alternatively, if the only other option is to use a sharing service, what are the best ways of implementing this?

Oliver

[HK]

Oliver,

Sorry for the delay. I have not tried to set this up, but looking into it some more and reading the OAuth 2.0 RFC, I came to the conclusion that it isn't safe to assume that you can have multiple valid access token and refresh tokens at any given time, even a very limited number. So I'm going to maintain one set of tokens in a shared SQL database table. Whether this is the best way to do it, I can't say, but for our environment, it seems to be the better choice.

Hans

[Oliver]

We currently have 2 servers that simultaneously access the same account. They use different refresh tokens though and we never had an issue for over a year.

However, we'll soon be implementing a solution that requires 10 servers to simultaneously access accounts that share the same refresh token.  I'll run a test to see if this works without having to share the access token.  I'll report my findings here.

Oliver