× FreshBooks App Logo
FreshBooks
Official App
Free - Google Play
Get it
You're currently on our US site. Select your regional site here:
Back
Try It Free Login
Contact Us

Call Toll Free: 1.866.303.6061

1-888-674-3175

Try It Free Login
Login Try it Free
1.866.303.6061 1-888-674-3175 Contact Us Try It Free Login
Introduction Postman Collection Tools and Libraries Social Login
Authentication Scopes Identity Model
Search, Paging and Includes Active, Archived, and Deleted Errors Request Limits How to create your FreshBooks app listing
Get Authenticated On The FreshBooks API How To Find The Right Scopes For Your App Getting Started with FreshBooks NodeJS SDK Receive Online Payments with Checkout API Enabling Online Payments On An Invoice Credit Card Tokenization
API Changelog Path 413 Created with Sketch.
Bearer tokens replaced with JWT tokens
Clients Update Secondary Contacts Credits
Invoices Invoice Profiles Invoice Presentation and Attachments Payments Online Payments Other Income Taxes
Expenses Expense Categories Expense Attachments Bill Vendors (beta) Bills (beta) Bill Payments (beta)
Estimates
Time Entries
Services Projects
Team Members Staff
Reports
Journal Entries
Webhook Callbacks
Gateways Items Systems Tasks

Fixed-length Bearer tokens being replaced with variable-length JWT tokens

In early Apr 2021 we updated our Bearer tokens from a fixed-length to a variable-length JWT for newly created apps. Any apps that were created after that date were issued the JWT access tokens and will see no change going forward.

Apps that were created before that date will continue to receive a fixed-length access token until May 1st, 2023 when we will be dropping support for the fixed-length access tokens and instead only the variable-length JWT access tokens will be issued.

More about authentication here and on our start page.

Details

Who is affected?

Any apps that were created before Apr 2021.

What is changing?

We have updated our Bearer tokens from a fixed-length to a variable-length JWT.

Notes:

  1. If you are storing access tokens in a database we recommend using a “TEXT” type column (hold up to 64KB or 65,535 characters) to handle the variable-length access token now, and ideally you are storing them encrypted.
  2. The change currently only affects the access token, and not the refresh token. Refresh tokens remain unchanged, however they could change in the future and any assumptions you’ve made about the length of these should be re-evaluated.
  3. To check to see if you are being issued JWT access tokens currently, you can inspect your issued access tokens and if they look something like xxx.yyyyyy.zzzz, or they aren’t a fixed length of 64(?) characters then you already have JWT access tokens enabled.