API changes — token sharing policy for third party apps

Dear developers,

We’ll be making changes to the token sharing policy for third-party applications on 13 June 2022.

Our new validation rule will only grant access if the token used during the API call is created for the same app. The call itself remains unchanged.


  "authorize": "a1-jilip7T3KdWcR6vpkJwvp9j"


  "echo_req": {
    "authorize": "<not shown>"
  "error": {
    "code": "InvalidToken",
    "message": "Token is not valid for current app ID."
  "msg_type": "authorize"

Please make any necessary changes to your code.

If you have any questions, contact us at [email protected]

Thank you.


  • Dear developers,

    The above change only affects OAuth tokens and not the API tokens that are provided by your clients.

    If your app uses OAuth tokens for authorisation purposes, please ensure the app_id in the query string matches the app_id used to connect to WebSocket.

    For example, the app_id used in the following URLs should be exactly the same:

    Please contact us at [email protected] if you have further questions.

Sign In or Register to comment.