Refresh Token

The refresh token is a long-lasting token that allows you to generate new access tokens
without having to use your main credentials (AppID and AppSecret) each time.

You receive a refresh token when you create your account on the Developer Portal
The refresh token does not expire, but can be revoked for security reasons
Use the refresh token to generate access tokens, which have a limited duration (1 hour).

Access Token

Access tokens expire after 1 hour (3600 seconds). You must renew the token before
it expires to maintain continuity of operations.

We recommend implementing a logic that:

Store the token and its expiry time
Check if the token is about to expire before each request
Renew the token automatically when necessary

Example of javascript auto-renewal

    const tokenExpiresIn = (expirationTime - Date.now()) / 1000

    if (tokenExpiresIn < 300) {
      // renew token
      const newToken = await renewAccessToken()
      // update and store new token
      storeToken(newToken)
    }

Secure Token Storage

Access tokens must be stored securely:

Backend - store tokens in environment variables or secure systems of
secret management
Mobile - use platform-specific secure storage (Keychain on iOS,
EncryptedSharedPreferences on Android)
Never include tokens in versioned source code or logs.