Truv returns 401 for invalid tokens and 403 for insufficient permissions. Use secure storage, refresh tokens, and set proper permissions.
Truv manages invalid authentication tokens by returning specific HTTP status codes to indicate the nature of the issue:
-
401 Unauthorized: This status code is returned when the request lacks valid authentication credentials, such as when the token is missing, invalid, or expired.
-
403 Forbidden: This status code indicates that the provided credentials are valid but do not have the necessary permissions to access the requested resource.
To prevent unauthorized access, it's crucial to handle these responses appropriately in your application. Ensure that your tokens are securely stored, regularly refreshed, and possess the required permissions for the intended API endpoints.