After one hour, your application's access token will be invalid. You can use the
refresh token to request a new access token without having to re-authenticate with the user.
The refresh token is valid for 7 days or until a new access token is requested.
When the access token expires, API requests will receive an HTTP 401 response with the following body:
{
"error":"invalid_request",
"error_description":"The access token expired"
}
Note: The error description The access token expired is the only way your
application can recognize this error. Your application should request a new access token using
the refresh token.
You make a request to refresh the access token using the refresh token, the API Key, and the API Secret.
The response will have a body similar to the following:
{
"access_token":"28f88a82-a62b-4e44-9312-16a4a5d2e71c",
"token_type":"Bearer",
"expires_in":3600,
"refresh_token":"e98f372c-e5a6-49e5-ba55-a0358d877eb2",
"scope":"public_api"
}
Note that you can refresh the access token at any time before the timeout expires. The old access token becomes invalid when the new one is granted. The new refresh token supplied in the response body can be used in the same way.
In the Mobile SDK for iOS the refreshAccessToken method of the OAuthHelper class is used.