The access token generated by your server component is a jwt that contains a grant for Programmable Voice, an identity that you specify, and a time-to-live that sets the lifetime of the generated access token. The default time-to-live is 1 hour and is configurable up to 24 hours using the Twilio helper libraries.
In the Android SDK the access token is used for the following:
- To make an outgoing call via
Voice.call(Context context, String accessToken, String twiMLParams, Call.Listener listener) - To register or unregister for incoming notifications via GCM or FCM via
Voice.register(String accessToken, Voice.RegistrationChannel registrationChannel, String registrationToken, RegistrationListener listener)andVoice.unregister(String accessToken, Voice.RegistrationChannel registrationChannel, String registrationToken, RegistrationListener listener). Once registered, incoming notifications are handled via aCallInvitewhere you can choose to accept or reject the invite. When accepting the call an access token is not required. Internally theCallInvitehas its own accessToken that ensures it can connect to our infrastructure.
As mentioned above, an access token will eventually expire. If an access token has expired, our infrastructure will return error EXCEPTION_INVALID_ACCESS_TOKEN_EXPIRY/20104 via a CallException or a RegistrationException.
There are number of techniques you can use to ensure that access token expiry is managed accordingly:
- Always fetch a new access token from your access token server before making an outbound call.
- Retain the access token until getting a
EXCEPTION_INVALID_ACCESS_TOKEN_EXPIRY/20104error before fetching a new access token. - Retain the access token along with the timestamp of when it was requested so you can verify ahead of time whether the token has already expired based on the
time-to-livebeing used by your server. - Prefetch the access token whenever the
Application,Service,Activity, orFragmentassociated with an outgoing call is created.