What is best practice when using the API authentication method of username and password?

[timantmedia]

If using a username and password in API authentication, how long does the session last?

What's the best practice, to re-authenticate upon each request to the API or to re-authenticate when hitting a particular response code like a 403 and proceed with the request?

[lastpeony]

To the best of my knowledge default http session timeout is 30 minutes.
You should be able to set default http timeout through web.xml
locate /webapps/ROOT/WEB-INF/web.xml

<session-config>
    <session-timeout>30</session-timeout> <!-- Specify the session timeout value in minutes -->
</session-config>

(not tested)

Please remember not all rest api endpoints require username password auth.
I would login again if 403 is received

[mekya]

Hi @timantmedia,

Gentle Reminder: If you are doing some automation or programatic things, please don't use username and password for authentication.

Please use JWT token to access the REST API. Check this out
https://antmedia.io/docs/guides/developer-sdk-and-api/rest-api-guide/management-rest-apis/

[timantmedia]

So is the username and password authentication only really for when you want to make ad-hoc API requests using Postman or something similar?

[lastpeony]

username password auth can be used for testing in my opinion
in production app should use JWT to communicate with AMS through REST API as mekya mentioned

[mekya]

So is the username and password authentication only really for when you want to make ad-hoc API requests using Postman or something similar?

Yeah, maybe.
Username and password authentication is for user to login with their password. It's that simple.