Developers » Service Token
Roadmap Ť Service Token
Here is one of the nearest changes for VK's API platform. To view the list of all previous and coming changes, see the roadmap.

1. How it works now
2. What is to be changed
3. How to prepare for the changes

Expected date: April 2017
1. How it works now
Some API methods do not require authorization. For example, to use users.get, simply insert the parameters of the method itself without passing the token for the server to return the correct response. These are open methods.

At the same time, the secure section methods require using the special token which must be separately requested and received through oauth.vk.com, and passing the secure app key (client_secret) in the request.
2. What is to be changed
Starting from April 2017, to use open methods and secure methods, a service token must be used from the app settings. You need not make a separate request to oauth.vk.com to receive it. The tokenĺs expiration date is unlimited but you may update it at any moment by resetting the previous.

For requests without a token, the server will return an error message.
3. How to prepare for the changes
If your app uses open methods, you need to change the logic connected with them so that the service token is passed in requests. You can receive or update the token by using your app's editing page.

If your app uses the secure section methods, you need to change the logic connected with them so that the service token is used from the app settings and not the one you received in the separate request to OAuth. Also, you must delete the client_secret parameter from requests as it is not longer required.

The service token identifies your app. All requests to the API completed while using your token will be considered completed from your app. The service token may only be used from the server side of the app. It cannot be passed and saved on the client side of the app.