During Try it: I plug in a Bearer token on an endpoint that shares an Auth Security Scheme from the parent folder. Works great in the sense that the token is cached and is then shared across other endpoints.
Question:
Where is this token cached → e.g. Session vs Local browser storage, etc.? Just want to understand how long this cached value will be persisted and how it can be cleared.
Is there any setting on the Apidog admin console side where, if I wanted to invalidate any of the cached tokens for any of the users that used the Try It feature and had tokens cached, then once I make this setting change the cached token won’t work any longer and every user has to get new ones?
The Bearer token is cached locally in your browser. It will be cleared when you close the entire browser, and you’ll need to obtain a new token when accessing the documentation again.
The Bearer token is stored in your browser’s session storage. It will persist until you close the browser tab/window, at which point it will be automatically cleared. Currently there is no admin console setting to forcibly invalidate cached tokens across all users.
The Bearer token is stored encrypted in localStorage, while the decryption key is kept in a session cookie. Although localStorage persists, closing the browser invalidates the session cookie, rendering the encrypted token inaccessible until you re-authenticate.
The user of the API Docs w/ the Try It function has no need to authenticate. I mean, yes, we provide them a Bearer Token that they can use for testing, but I don’t think that’s what you mean by authentication here.