Maximum number of concurrent access tokens and refresh tokens supported by B2C Commerce

There’s no limit on refresh_tokens but there’s a limit of logins per user per time. It is possible to log in once per session as per the best practices for SLAS since it usually issues JWT-style tokens not OAuth tokens.

Also, API clients can obtain multiple tokens simultaneously. However, the quantity of tokens acquired is subject to rate-limiting based on tokens requested per minute, which is tied to the assigned client ID and the associated tenant.

However, extensive requests are not required when each token serves its purpose throughout its entire lifespan. Instead of generating a large number of tokens in a short period for the same purpose, it’s advisable to maximize token reuse and use them for as long as possible.