Step 4a: Refresh the access token

When an authorization code is exchanged for an access token, many API providers will issue short-lived access tokens even if they support long-lived “offline” access to their APIs. Although these access tokens have a limited lifespan, two additional parameters may be included in the response to enable long-lived access: expires_in and refresh_token.

If included in the response, expires_in indicates the remaining lifetime of the access_token, specified in seconds. When the access token expires, the refresh_token parameter can be used to obtain a new access token.

If trying to optimize for latency in your application, it’s best to store the access token along with the time when the access token expires. When making an API call, first check to see if the current time is greater than the expiration time. If so, refresh the access token first, instead of waiting for the API server to reject your request because of an invalid access token. This will result in reduced latency because of fewer HTTP requests being made when the token expires.