Security
Enabling refresh token on FastStore
Refresh token is a security mechanism that allows users to obtain a new, short-lived access token without requiring them to log in again.
The FastStore SDK Session includes built-in support for the refresh token flow. It automatically manages token renewal, session management, and error handling.
As a FastStore user, you only need to enable the refresh token in your project configuration. The SDK will manage the process automatically, without requiring custom flow implementation.
In this guide, learn how to enable the refresh token in a FastStore store.
For background on how refresh tokens work, refer to the Refresh token flow for headless implementations guide.
Before you begin
Update your FastStore project
Make sure your project is updated to the latest version. To do so, follow these steps:
- Open your project in a code editor.
- Open a terminal and run the following command to update the FastStore packages to the latest version:
_10yarn upgrade -L --scope @faststore
Request refresh token activation
Open a ticket with VTEX Support to request refresh token activation and an expiration time (1, 7, or 30 days). Include the account name(s) in your request to enable the feature. Without this activation, you won’t be able to enable the refresh token in your account.
Instructions
-
Open your FastStore project in a code editor.
-
In the
discovery.config.jsfile, within theexperimentalsection, add therefreshTokenflag and set its value totrue: -
Commit and push your changes to the main branch to deploy the changes to production.