When using a RESTful web API in my app, I have a requirement to handle token caching so that on the authorization (API side) it only needs to send this access token to the validation server once per hour, or whenever the expiration is set. The other subsequent calls up to that hour mark would see that it has already been validated and can allow the call to continue.
So what is the correct flow for handling this type of caching?
Client gets Access Token on their side with their Id and Secret ->
Bearer AT is passed in header to my API and I validate it once ->
API call is made and response is sent back along with AT and a Validated boolean value as true??? ->
All other client calls made to the API will attach Access Token and Bool Value in the header??? ->
API reads bool value as true and allows passage???
This doesn’t seem the right way to handle it to me. So what is the proper way?
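One way to meet the requirement described above, as an added example that is not part of the original post: the API keeps the "already validated" state in its own server-side cache, keyed by a hash of the token, so the client sends only the bearer token and any client-supplied flag is ignored. `TokenValidationCache`, `validate_remote` and the stub validation server are hypothetical names, and the validation server is assumed to return the token's expiry time.

```python
import hashlib
import time

MAX_CACHE_SECONDS = 3600  # "once per hour" from the post

class TokenValidationCache:
    """Server-side record of tokens the validation server already accepted."""

    def __init__(self, validate_remote, clock=time.time):
        # Assumption: validate_remote(token) returns expiry (epoch seconds) or None.
        self._validate_remote = validate_remote
        self._clock = clock
        self._entries = {}  # sha256(token) -> cache deadline (epoch seconds)

    def is_authorized(self, headers):
        # Only the Authorization header is read; a client-sent "Validated"
        # header is never consulted, so it cannot grant access.
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "bearer" or not token:
            return False
        now = self._clock()
        # Store a digest rather than the bearer token itself.
        key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        deadline = self._entries.get(key)
        if deadline is not None and now < deadline:
            return True  # validated earlier and still inside the window
        self._entries.pop(key, None)
        expires_at = self._validate_remote(token)
        if expires_at is None or expires_at <= now:
            return False
        # Never cache past the token's own expiry or past one hour.
        self._entries[key] = min(expires_at, now + MAX_CACHE_SECONDS)
        return True

def demo():
    calls, now = [], [1_000_000.0]  # constructed clock and call log
    def fake_validation_server(token):  # constructed stand-in for the real server
        calls.append(token)
        return now[0] + 7200 if token == "good-token" else None
    cache = TokenValidationCache(fake_validation_server, clock=lambda: now[0])
    good = {"Authorization": "Bearer good-token"}
    forged = {"Authorization": "Bearer bad-token", "Validated": "true"}
    results = [cache.is_authorized(good), cache.is_authorized(good),
               cache.is_authorized(forged)]
    now[0] += 3601  # one hour later the cached entry has lapsed
    results.append(cache.is_authorized(good))
    return results, len(calls)
```

In `demo()` the second call with the same token is served from the cache, the request carrying `Validated: true` with an unknown token is rejected, and the validation server is contacted again only after the hour has passed.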