Api secret and Api key

I am developing an Angular app using frappe as backend. So to authenticate I would go with the token authentication. To get token we need to have api_key and api_secret

Is it OK to save api_key and api_secreet at browser’s local storage.

you don’t really have a choice ,API tokens (and all client tokens, in fact) are always visible to the client. otherwise you have to use another server then request the server to make requests on the client’s behalf.

1 Like

That can be considered as a workaround. I have one more question, there is a session id ‘sid’ attached with the response. How long the session will exist?

The default session is 6 hours.
You could find the session details in System Settings


1 Like