Upcoming: Expiration of OAuth access tokens is changing
Announced: September 20, 2021
Beginning on November 8th, OAuth access tokens will be generated with a shorter expiration time. Tokens currently expire 6 hours after they are generated. After this change, tokens will expire 30 minutes after being generated.
The expires_in parameter returned with tokens will always reflect the time that the token will expire, so if your integration is following that parameter, or automatically refreshing the access token when receiving an HTTP 401 error for an expired token, then you should not need to make any changes to your integration. However, if you've hardcoded the current 6 hour refresh time, then you will need to update your integration to match the new 30 minute expiration time. We would recommend following the expires_in parameter for refreshing access tokens, and not hardcoding a refresh time.
This change will have no effect on refresh tokens, or any other part of the OAuth process.
When is this happening?
This change will affect new access tokens starting on November 8th. Any access tokens created before this change will be valid for their full lifetime based on the expires_in parameter received at the time the token was generated.
Please let us know if you have any questions by joining the discussion in our community.