Most REST API’s I have worked with work in a similar way with regards to authorization: Based on some credentials, you generate a token, and use that token for subsequent requests. You can usually create as many tokens as you want using the same request.
What I noticed in FME (but please correct me if I’m wrong), is that a token must have a unique name, and when using the same request, you get a response that says Specified user token already exists. Of course I can update an existing token, or delete it and create a new one, but that means that in most cases, I need two requests instead of one.
Another thing I noticed is that expired tokens are not deleted automatically: A request to /fmeapiv4/tokens showed me a token that apparently I generated 7 years ago!
I am curious about the reasoning behind this way of using tokens. I mean, why does a token have to have a name, and why would you keep generated tokens forever?