I would humbly suggest that the google changes authentication tokens (soon) to be dependent on the password for the account for which the authentication token was requested.
Before, if somebody accidentally posted his e-mail and password and other dev-tokens etc- he'd say, "whoa", and then go and change the passwords on the accounts he just made writable by the world. But now, if somebody posts his authentication token to this forum, or elsewherez, and the world will have write access until that token expires. Perhaps I'm understanding this authentication token incorrectly. Or perhaps google will allow people to request that their authentication tokens be invalidated? Also, one might think that it would be ok, because actually the entity that used that authentication token would be leaving a trail as they did it. However, this will not be the case with anybody who knows what they're doing. For instance, in the last week somebody posted their name/password to this forum. Hopefully he changed his password. And hopefully he changed his password before somebody requested an authentication token. And/or, hopefully his account is small enough that if somebody did get his authentication token and put bogus ads and keywords they would be obvious. And not buried within a hundred different adgroups. Anyway, blah blah blah, etc etc etc, beating dead horse here, -tim On Dec 14, 10:38 am, AdWords API Advisor <[email protected]> wrote: > Hi Tim, > > An authToken for the AdWords API is valid for two weeks, although it > would be fine generating a new token every week or even every day. > There is no need to wait for an authToken to expire before generating > a new one, although requesting them too frequently (such as one per > request) can lead to errors. > > I don't believe password changed invalidate an authToken, and I am not > aware of any way to manually invalidate an authToken. > > In regards to errors, there isn't a comprehensive error code page in > v2009 as there was in v13. Instead, each service has a number of > defined error types and reasons. You can find these under the base > type ApiError for each service: > > http://code.google.com/apis/adwords/v2009/docs/reference/CampaignServ... > > Best, > - Eric Koleda, AdWords API Team > > On Dec 13, 10:39 pm, timprepscius <[email protected]> wrote: > > > > > Greetings, > > > The client login api specifies that authentication tokens expire in > > "about a week." > > What does this mean? > > > Does this mean, 6-8 days? 4-10 days? Or 0 -> inf? > > > I'd sorta actually like to just request new authentication tokens > > every X days, and then not worry about having to figure out the errors > > which an expired authentication token throws. I have a feeling though > > this will not be an option. > > > Also, if someone changes their password, will the authentication token > > immediately expire? > > > If not, is there a way to force an authentication token to expire? > > > Also, is there a web page with all of the possible errors from adwords > > 2009 enumerated. I can't find it, although I may easily be > > overlooking it. > > > Thanks in advance, > > > -tim -- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en.
