
If api keys do not need to be stateless, every api key can become a refresh token with a full permission and validity lookup.


This.

The separation of a refresh cycle is an optimization done for scale. You don't need to do it if you don't need the scale. (And you need a really huge scale to hit that need.)
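
Added example, not part of either comment above: a sketch of the two designs being compared, a stateful API key checked against the store on every request, and a short-lived signed token minted from it in a refresh step. `KeyStore`, `mint_access_token`, `verify_access_token`, the 300-second token lifetime and the clock values are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

SIGNING_KEY = secrets.token_bytes(32)   # constructed server secret for the stateless variant

def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

class KeyStore:
    """Stateful API keys: only digests are stored, every check is a lookup."""
    def __init__(self):
        self.rows = {}      # digest -> {"scopes", "expires", "revoked"}
        self.lookups = 0

    def issue(self, scopes, ttl, now):
        key = secrets.token_urlsafe(32)
        self.rows[_digest(key)] = {"scopes": set(scopes), "expires": now + ttl, "revoked": False}
        return key

    def revoke(self, key):
        self.rows[_digest(key)]["revoked"] = True

    def check(self, key, scope, now):
        """Full permission and validity lookup on each request."""
        self.lookups += 1
        row = self.rows.get(_digest(key))
        return bool(row) and not row["revoked"] and now < row["expires"] and scope in row["scopes"]

def mint_access_token(store, key, scope, now, ttl=300):
    """Refresh step: one lookup, then a signed token valid for ttl seconds."""
    if not store.check(key, scope, now):
        return None
    body = f"{scope}|{now + ttl}"       # assumes scope names contain no "|"
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{sig}"

def verify_access_token(token, scope, now):
    """Stateless check: signature and expiry only, no store lookup."""
    body, _, sig = token.rpartition("|")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False
    tok_scope, _, exp = body.partition("|")
    return tok_scope == scope and now < float(exp)

def demo():
    store, t0 = KeyStore(), 1_000.0     # constructed clock value
    key = store.issue({"read"}, ttl=86_400, now=t0)
    token = mint_access_token(store, key, "read", t0)
    store.revoke(key)
    # (stateful check after revoke, signed token after revoke, signed token after its ttl)
    return (store.check(key, "read", t0 + 1), verify_access_token(token, "read", t0 + 1),
            verify_access_token(token, "read", t0 + 301))
```

In `demo()` the revoked key is rejected on the very next lookup, while the signed token minted before the revocation keeps verifying until its own expiry: that window is what the refresh cycle trades for fewer store lookups.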



