Authorization flow for non-expiring access tokens

All API requests require an access token. The access token contains information about which scopes the user has authorized, and which API calls your application is permitted to make on the user’s behalf. You can select to use an expiring or a non-expiring token while creating your app. You cannot enable, disable, or update this setting after you create your app.

Here’s a summary of the steps involved in the OAuth authorization flow using non-expiring access tokens:


REST API OAuth authorization flow

Here’s a summary of the steps involved in the authorization flow for non-expiring access tokens:

  1. Create authorization request link
  2. Request user for authorization
  3. Exchange authorization code with access token
  4. Use token for REST API requests