Storing Access and Refresh tokens with Sugar Cloud

Question

What is the best way to store an access and refresh token for an external api in a way that will allow me to update them when new tokens are generated? I have a dashlet that accesses the Box API every time an Account record is refreshed. I want to make sure I can continue to use the access token while it is valid rather than getting a new access token every time the API is called. 
 Is there a directory in the file structure where I can store a txt or csv file to store the tokens? How is this typically handled?

Enrico Simonetti · Answer

Hey Greg Billings 
 Would you also need to store the credentials to obtain the tokens to start with? 
 If you do, keeping it brief, you have two options that come to mind on how to approach this. 
 
 Connector framework - Look at ./modules/Connectors/* and ./custom/modules/Connectors/metadata/connectors.php . It might need a little reverse engineering on your part, as I believe it is not well documented how to extend the functionality. Also, the connectors framework has not been updated in a while as far as I know 
 Build your own admin page, and encrypt/decrypt the secrets - You could use these examples if they still work https://gist.github.com/esimonetti/186c684de252db97a6b642ed3fbc82d8 
 
 If you only need to store "temporarily" something you could use the second approach to encrypt the data, in combination with the Sugar database. 
 
 Good luck!