This is a reminder to the previously communicated announcement “New Oauth2 endpoints and deprecation of the old ones” posted on 2024-07-18.
Announcement: | Important updates related to the migration from old to new Oauth2 token endpoints |
Service: | Pagero |
Date: | 2025-01-30 17:45 |
Dear customers,
This is a reminder to the previously communicated announcement “New Oauth2 endpoints and deprecation of the old ones” posted on 2024-07-18. We have some important updates and information to share with you:
New end-of-life for old endpoints
We have prolonged the previous communicated end-of-life date from 2025-02-01 to 2025-06-01. However, we strongly recommend you to migrate over to the new endpoints as soon as possible as we will not maintain nor support the old endpoints after that date.
A more seamless token transition has been introduced
We have introduced a more seamless transition for getting the tokens for the new endpoints, which eliminates the re-authenticating of end-users in relation to the migration from old to new endpoints. More info is found following the below link ‘Service endpoint migration guide’
Why are we doing the migration?
The Pagero Online platform now offers new OAuth2 endpoints designed with enhanced security, ensuring your data remains safeguarded against emerging threats. These new endpoints incorporate the latest security standards, ensuring safer integration between systems as well as offering more integration options and a more robust environment for future growth.
While we understand that transitioning to new endpoints may pose challenges, it is crucial for maintaining secure integrations and keeping your data safe.
What changes are introduced with the new endpoints?
One key update in the new identity server is the introduction of a rolling lifetime for refresh tokens, set to a maximum of 3 years. This change ensures enhanced security and compliance with modern best practices. With the new setup, refresh tokens will remain valid for up to 3 years, allowing continuous access during this period. However, after 3 years, users will need to re-authenticate to obtain a new token pair. This change reinforces security by minimizing risks associated with long-lived tokens while still providing flexibility. For more information on rolling lifetime expiration, please follow the link in the ‘API Authentication and Authorization guidelines’.
API Authentication Authorization guidelines:
https://pagero.github.io/partners/apis/api-authentication-authorization/
Service endpoint migration guide: