How to extend the expires_in time in Admin API?

Extending API Timeouts in Shopware 6.6: A Developer's Guide

When developing with Shopware 6.6, you might encounter situations where the default API timeout settings are too restrictive, especially during development or when handling large data sets. This guide explains how to extend these timeouts and understand the available configuration options.

Configuration Parameters

The key configuration parameters can be set in your shopware.yaml file:

shopware:
  api:
    max_limit: 2000
    access_token_ttl: "PT12H"
    store:
      context_lifetime: "P7D"

Understanding the Parameters

  1. max_limit: Defines the maximum number of items that can be returned in a single API request
  2. access_token_ttl: Sets the lifetime of API access tokens
  3. context_lifetime: Determines how long the store context remains valid

ISO 8601 Duration Format

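Shopware uses the ISO 8601 duration format for time specifications. Every duration starts with P; date units (Y, M, D) come before the T separator and time units (H, M, S) after it, so P1M is one month while PT1M is one minute. Here's how to read and use these durations: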

Common Duration Patterns

Format | Meaning    | Example Use Case
P1Y    | 1 year     | Long-term tokens
P1M    | 1 month    | Monthly maintenance windows
P1D    | 1 day      | Daily operations
P30D   | 30 days    | Monthly cache clearing
PT1H   | 1 hour     | Short-term sessions
PT5M   | 5 minutes  | Quick operations
PT35S  | 35 seconds | Brief transactions

Combining Durations

You can combine these units for more precise timing. For example:

  • P1Y6M (1 year and 6 months)
  • P1DT12H (1 day and 12 hours)
  • PT1H30M (1 hour and 30 minutes)

Best Practices

  1. Development Environment
    • Use longer durations during development to avoid frequent token refreshes
    • Consider setting access_token_ttl: "P7D" for week-long development sessions
  2. Production Environment
    • Keep durations shorter for security
    • Recommended: access_token_ttl: "PT12H" or less
    • Regular context refresh: context_lifetime: "P1D"
  3. Performance Optimization
    • Adjust max_limit based on your server capabilities
    • Consider pagination for large datasets
    • Monitor API response times after changes

Implementation Example

For a development environment focusing on extended working sessions:

shopware:
  api:
    max_limit: 5000  # Increased for development
    access_token_ttl: "P7D"  # 7-day tokens
    store:
      context_lifetime: "P30D"  # Monthly context refresh

Security Considerations

Remember that extending timeouts, especially in production:

  • Increases the window in which a leaked or stolen token can be misused
  • May impact system resource usage
  • Should be balanced against security requirements

Always review these settings before deploying to production and adjust according to your specific security needs and usage patterns.
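
One way to run that review automatically before a deployment, as an added example that is not part of the original guide or Shopware's own code: it parses the ISO 8601 durations and flags values above the production recommendations given under Best Practices. The names duration_seconds, audit, PRODUCTION_LIMITS and DEV_CONFIG are hypothetical, the configuration is assumed to be already parsed from YAML into a dict, and a year is counted as 365 days and a month as 30 days for comparison only.

```python
import re

# ISO 8601 duration: date part before "T", time part after it.
# "M" means months before the T and minutes after it (P1M vs PT1M).
_DURATION = re.compile(
    r"^P(?:(?P<years>\d+)Y)?(?:(?P<months>\d+)M)?(?:(?P<weeks>\d+)W)?(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$"
)
# Assumption for comparison only: a year is 365 days and a month is 30 days.
_SECONDS = {"years": 31_536_000, "months": 2_592_000, "weeks": 604_800,
            "days": 86_400, "hours": 3_600, "minutes": 60, "seconds": 1}

def duration_seconds(value):
    """Return the length of an ISO 8601 duration in seconds, or raise ValueError."""
    text = str(value)
    match = _DURATION.match(text)
    # Reject strings with no component ("P", "PT") or a dangling "T" ("P1DT").
    if not match or not any(match.groupdict().values()) or text.endswith("T"):
        raise ValueError(f"invalid ISO 8601 duration: {text!r}")
    return sum(int(n) * _SECONDS[unit] for unit, n in match.groupdict().items() if n)

# Production ceilings taken from the recommendations in this guide.
PRODUCTION_LIMITS = {"access_token_ttl": "PT12H", "context_lifetime": "P1D"}

def audit(api_config):
    """Return a list of findings for the shopware.api section of a parsed config."""
    settings = {
        "access_token_ttl": api_config.get("access_token_ttl"),
        "context_lifetime": (api_config.get("store") or {}).get("context_lifetime"),
    }
    findings = []
    for key, value in settings.items():
        if value is None:
            continue  # not set in this file, so nothing to check here
        try:
            actual = duration_seconds(value)
        except ValueError as error:
            findings.append(f"{key}: {error}")
            continue
        if actual > duration_seconds(PRODUCTION_LIMITS[key]):
            findings.append(f"{key}: {value} exceeds production limit {PRODUCTION_LIMITS[key]}")
    return findings

# Constructed sample: the development settings from this guide, as parsed YAML.
DEV_CONFIG = {"max_limit": 5000, "access_token_ttl": "P7D", "store": {"context_lifetime": "P30D"}}

if __name__ == "__main__":
    print("\n".join(audit(DEV_CONFIG)) or "ok")
```

Run against the development settings above, it reports both durations, which is the signal that a development file has reached a production build.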

Troubleshooting

If you experience issues after changing these settings:

  1. Clear your cache
  2. Regenerate access tokens
  3. Verify the syntax of your duration strings
  4. Check server logs for timeout-related errors

Remember to test thoroughly after any configuration changes to ensure your applications continue to function as expected.