Secure Storage
Never hardcode access tokens in your source code. Use environment variables or secure configuration management.
Authentication
The Stack Overflow SDK requires an access token to authenticate API requests. This guide explains how to obtain and use access tokens with the SDK.
Overview
Section titled “Overview”The SDK uses OAuth 2.0 with access tokens for authentication. All API calls require a valid access token to be passed during SDK initialization.
import StackOverflowSDK from 'so-teams-sdk;
const sdk = new StackOverflowSDK({ baseUrl: 'https://[your-site].stackenterprise.co', accessToken: 'your-access-token-here'});Obtaining Access Tokens
Section titled “Obtaining Access Tokens”For Stack Overflow for Teams Enterprise
Section titled “For Stack Overflow for Teams Enterprise”If you’re using Stack Overflow for Teams Enterprise, follow the comprehensive OAuth implementation guide to generate secure API tokens:
Secure API Token Generation with OAuth and PKCE →
This guide covers:
- OAuth Authorization Code flow
- PKCE (Proof Key for Code Exchange) implementation
- Token generation and management
- Security best practices
For Stack Overflow for Teams
Section titled “For Stack Overflow for Teams”If you’re using Stack Overflow for Teams (Business or Basic), the process is simpler. You can generate a Personal Access Token (PAT) by following this guide:
Personal Access Tokens (PATs) for API Authentication →
PATs allow you to authenticate securely with the API without needing the full OAuth flow.
Using Access Tokens
Section titled “Using Access Tokens”Once you have an access token, initialize the SDK with your credentials:
import StackOverflowSDK from 'so-teams-sdk;
// For Stack Overflow for Teamsconst teamsSDK = new StackOverflowSDK({ baseUrl: 'https://your-site.stackenterprise.co', accessToken: 'your-access-token'});Token Scopes
Section titled “Token Scopes”Different API operations require different scopes. Common scopes include:
| Scope | Description |
|---|---|
| read_inbox | Access user’s inbox |
| write_access | Perform write operations |
| private_info | Access private user data |
| no_expiry | Token never expires (use with caution) |
Environment Variables
Section titled “Environment Variables”For security, store your access tokens in environment variables:
export const config = { baseUrl: process.env.STACKOVERFLOW_BASE_URL, accessToken: process.env.STACKOVERFLOW_ACCESS_TOKEN};import StackOverflowSDK from 'so-teams-sdk;import { config } from './config';
const sdk = new StackOverflowSDK(config);Token Management
Section titled “Token Management”Token Expiration
Section titled “Token Expiration”Unless you use the no_expiry scope, access tokens expire after 24 hours. Monitor token expiration and implement refresh logic as needed.
Error Handling
Section titled “Error Handling”Handle authentication errors gracefully:
async function makeAuthenticatedRequest() { try { const questions = await sdk.questions.getQuestions(); return questions; } catch (error) { if (error.status === 401) { console.error('Authentication failed - token may be expired or invalid'); // Implement token refresh or re-authentication logic } else if (error.status === 403) { console.error('Insufficient permissions - check token scopes'); } throw error; }}Security Best Practices
Section titled “Security Best Practices”Token Rotation
Regularly rotate your access tokens and implement proper token lifecycle management.
Scope Limitation
Request only the minimum scopes required for your application functionality.
HTTPS Only
Always use HTTPS when transmitting access tokens to prevent interception.
Next Steps
Section titled “Next Steps”Once you have your access token configured:
- Quickstart Guide - Get started with the SDK
- Questions API - Learn about fetching questions
- Rate Limits - Understand how rate limits work on SO Teams