One of my customers wants to know if he can receive a cached token ? Can you help? What is a cached token ?
Do you provided a credential for this customer?
Assuming the scenario is a customer/partner want to have access to APIs in your tenant API Gateway. Are they really asking how they acquire a token (OAuth Bearer Token) to authenticate to the API Gateway for that tenant. All of that is possible.
Or asking you to create a bearer token for them and pass it to them to use while it is valid? Which is a very odd scenario… but you could handle it , you do need to consider the risk of doing so.
As tokens have a life, it is a best practice for the API client application to manage the token through its life, vs a new token on every API use. (commonly via a secrets server of some type). Tokens have refresh capability to extend their life. Again a highly recommended approach vs. getting new tokens which are license limited and generally low volume. The API Authorized Client definition has setting for life and refresh depending on your needs. There are other Client authorization considerations when developing API client, posted on Communities yesterday. Please add clarity as to the question and we can try to answer further.
