Hey,
I'm working with IG's OAuth authentication process to keep an authenticated session in my REST API client. As IG's OAuth access token expires every 60 seconds, I refresh the access token with the provided refresh token every 55 seconds to keep a valid access token at all times (having a look at network traffic in IG's REST API companion, it looks like it's done exactly the same way there).
However, recently the POST /session/refresh-token v1 interface became very unstable, often throwing error.security.invalid-details or error.security.authentication.timeout. As I use an exponential backoff retry mechanism behind the requests, the requests sometimes works after 3 or 4 retries (after 10ms to 100ms delay before I trigger the next retry). However, sometimes the requests don't succeed at all and I'm forced to create a new session with the POST /session v3 interface (which has worked as a last resort for now).
Even if I have recovery mechanisms in place to ensure a valid access token, it's a bit odd that POST /session/refresh-token v1 fails this often recently. Session management is the most basic layer of an API and it shouldn't be this unstable.
I should mention that I run two distinct processes which maintain their own authenticated sessions. But even with two sessions I'm doing 2 non-trading requests per 55 seconds which is well within IG's REST API quotas.
It looks like the POST /session/refresh-token v1 interface might be overloaded on IG's side for some reason recently. If this is the case it might be helpful that I call attention to this issue here. If this isn't caused by an overload on IG's side I would appreciate some feedback what I should do different (which would ultimately imply that it is not done in the very correct way in IG's REST API companion as well).
I would appreciate if there is some feedback regarding this issue!
Best regards,
ArturCz