1 Aug
Adding a userid as part of an API token to improve performance
I am working on an API that has 42 character tokens - short term access tokens and replaceable refresh tokens. These are stored in a SQL db and on each access are sent in the header as a bearer token. We check the db for the existence of the access token and its expiration.
All API users have a 6 digit userid.
My question is why not make the token 48 characters with the first 6 characters the userid (the db would store 2 columns - token and userid)? To check the token we would split what we receive to a 6 character "userid" and a 42 character "db token" and check the db.
The benefit is that we would need to create an index only on the userid and not on the entire token?
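A minimal sketch of the lookup described in the question, added here as an example and not part of the original post. It assumes an in-memory SQLite database, hypothetical table and index names (`tokens`, `idx_tokens_userid`), and a constant-time comparison of the 42-character part in application code; it also reports whether the query planner actually uses the userid index.

```python
import hmac
import secrets
import sqlite3
import time

USERID_LEN, SECRET_LEN = 6, 42  # lengths taken from the question

def make_db():
    """Hypothetical schema: two columns plus expiry, indexed on userid only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (userid TEXT, token TEXT, expires_at INTEGER)")
    db.execute("CREATE INDEX idx_tokens_userid ON tokens (userid)")
    return db

def issue(db, userid, ttl=3600, now=None):
    """Store a random 42-character token; return the 48-character bearer value."""
    now = int(time.time()) if now is None else now
    secret = secrets.token_urlsafe(32)[:SECRET_LEN]  # 43 chars, trimmed to 42
    db.execute("INSERT INTO tokens VALUES (?, ?, ?)", (userid, secret, now + ttl))
    return userid + secret

def validate(db, bearer, now=None):
    """Return the userid if the bearer value is well-formed, known and unexpired."""
    now = int(time.time()) if now is None else now
    if not isinstance(bearer, str) or len(bearer) != USERID_LEN + SECRET_LEN:
        return None
    userid, secret = bearer[:USERID_LEN], bearer[USERID_LEN:]
    if not (userid.isascii() and userid.isdigit()):
        return None  # the prefix is client-supplied: treat it as a lookup hint only
    rows = db.execute(
        "SELECT token, expires_at FROM tokens WHERE userid = ?", (userid,))
    ok = False
    for stored, expires_at in rows:
        # Compare as bytes in constant time; a user may hold several tokens.
        match = hmac.compare_digest(stored.encode(), secret.encode())
        if match and expires_at > now:
            ok = True
    return userid if ok else None

def lookup_plan(db):
    """Return SQLite's query-plan text for the userid lookup."""
    rows = db.execute(
        "EXPLAIN QUERY PLAN SELECT token, expires_at FROM tokens WHERE userid = ?",
        ("000000",)).fetchall()
    return " ".join(row[3] for row in rows)
```

The userid prefix only narrows the search; the decision to accept the request still rests on the 42-character part and the expiry stored with it.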