Could we authenticate the app once per session?

May 20, 2011 at 5:16 PM

Whenever we make an online or offline access to the health vault, the SDK calls the health vault twice, once to authenticate the app via the Connection object, ConnectionFactory.getConnection(), and the other is the actual send request call.

The app authentication calls seem to be a little expensive - I can sense the delay in debug mode stepping through the ConnectionFactory.getConnection(). My question is:

Do we need to make the app authenticate call every time we access the health vault? If not,

  • Could we use Spring to inject a Connection object per user session and reuse the same Connection object for all access during the session by the same user?
  • Or since authenticating the app is not at the user level, could we authenticate the app once and reuse the Connection object for all access by all user sessions? Would there be thread-safety or other problems that this should not be considered?

Thanks in advance,


May 20, 2011 at 9:50 PM

Hi May,

The ConnectionFactory does not call HealthVault to re-authenticate every time.  It caches the authentication token and injects it into new connections.  The app is authenticated once and the authentication information is shared accross all connections.  If you are seeing otherwise, send me your code.  Creating a connection should be cheap.  If the secret is stale, re-authentication will happen automatically when a new request is made. You shouldn't have to worry about it.

Connection objects are not thread safe.  Keep them around as long as you like, but do not share one across threads.

You can use a single Connection for as many users as you wish.  User context is added at the Request level.  Just remember to make calls for a single user from a single Connection at a time.



May 21, 2011 at 2:11 AM

Thanks Rob! My bad, only the first connection.authenticate() call in the ConnectionFactory took a little more time during my debug session. The subsequent calls to authenticate() did not actually authenticate since the force flag was false. We are good now - creating a new connection object each time we access Health Vault is fine and simpler.