Authentication

Managing token expiration

OVERVIEW

 

How OAuth token expiration works

When a new API client requires access to the Collaborate API, a client API registration is required so that the client can generate an OAuth token.

Each OAuth registration is configured with a token expiration time, which can be set from 30 minutes to 1 month. The default configuration is 5 hours.

Managing token expiration

When a client generates an OAuth token, a response in the following format is provided:

 

<TokenResponse>

   <access_token>E_MIswtXKgu123456RlueUXQqFvyTCxw</access_token>

   <expires_in>2419200</expires_in>  <!-- in seconds -->

   <refresh_token>nincFU9Jv8612343rsvgPlsv6tAc0Nks</refresh_token>

   <token_type>bearer</token_type>

   <useremail>user@clientname.com</useremail>

</TokenResponse> 

 

The <expires_in> parameter indicates the token expiration time set for this specific API registration.

The token expiration time starts when the token is generated, and the token expires once that time has elapsed. Any API request made after the expiration time results in a 403 Access denied message.

For the client application and its API calls to continue working, you need to either keep a client-side record of the token expiration or, when you get a 403 Access denied message, generate a new OAuth token by using the refresh token.

Use the <refresh_token> to generate a new OAuth token by using the API endpoint specified in the OAuth documentation.

Please note that the refresh token is reset each time the access token is generated, and the refresh token is valid for a year. The refresh token time limit cannot be altered.

Please note that you do not need to manually create an OAuth code each time the OAuth token expires; use the refresh token instead.
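The client-side handling described above, combining the expiry record and the 403 fallback, is sketched here as an added example; it is not code from the Collaborate documentation. `TokenStore`, `refresh_call` and `send` are hypothetical names: `refresh_call` stands in for the refresh endpoint specified in the OAuth documentation, and the sample response is constructed with placeholder values.

```python
import time
import xml.etree.ElementTree as ET

# Constructed sample in the page's <TokenResponse> format (placeholder values).
SAMPLE = """<TokenResponse>
   <access_token>ACCESS-PLACEHOLDER-1</access_token>
   <expires_in>18000</expires_in>
   <refresh_token>REFRESH-PLACEHOLDER-1</refresh_token>
   <token_type>bearer</token_type>
   <useremail>user@clientname.com</useremail>
</TokenResponse>"""


class TokenStore:
    """Client-side record of the access token, its expiry and the current refresh token."""

    def __init__(self, refresh_call, clock=time.monotonic, skew=60):
        # Hypothetical callable: refresh_token -> TokenResponse XML text.
        self.refresh_call = refresh_call
        self.clock, self.skew = clock, skew
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def load(self, xml_text):
        root = ET.fromstring(xml_text)
        self.access_token = root.findtext("access_token")
        # The refresh token is reset with every new access token: always overwrite it.
        self.refresh_token = root.findtext("refresh_token")
        # expires_in is in seconds, counted from when the token was generated.
        self.expires_at = self.clock() + int(root.findtext("expires_in"))

    def expired(self):
        # Refresh slightly early (skew) so a request is not sent with a dying token.
        return self.clock() >= self.expires_at - self.skew

    def refresh(self):
        self.load(self.refresh_call(self.refresh_token))

    def request(self, send):
        """send(access_token) -> (status, body); hypothetical transport callable."""
        if self.expired():
            self.refresh()
        status, body = send(self.access_token)
        if status == 403:  # token rejected server-side: refresh once, retry once
            self.refresh()
            status, body = send(self.access_token)
        return status, body
```

Keep both tokens out of logs and persist the refresh token only in protected storage, since it remains valid far longer than the access token.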

 


Last Updated: Jun 09,2023