OAuth gives client applications restricted access to your data on a resource server. To allow access, an authorization server issues tokens to the client application once the access has been authorized. Hybrid Data Pipeline generates three kinds of tokens.
Authorization Code: This code is generated as part of the OAuth authorization grant flow. The authorization server creates this code and passes it to the client application via the browser. The client application exchanges the code for an access token and a refresh token.
Access Token: Once the application has an access token, it may use the token to access the user's account via the API, limited to the scope of access, until the token expires or is revoked. The access token expires in 60 minutes. When an access token expires, using it to make a request to the API results in an "Invalid Token Error". The validity period of an access token can be modified using the System Limit API. See Limits API.
Refresh Token: When an access token expires, a refresh token allows the application to keep its access to the user's account without the user repeatedly re-authorizing the application. The application uses the refresh token to get a new access token from the server. The refresh token must be stored securely within the application. Once issued by Hybrid Data Pipeline, the refresh token remains valid until the user revokes it.
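The following sketch shows a client handling the lifecycle described above: it renews the access token shortly before the 60-minute lifetime ends, and refreshes once and retries when the API answers with an "Invalid Token Error". It is an added example, not Hybrid Data Pipeline code; `TokenManager`, `InvalidTokenError`, the `exchange` callable and the in-memory server in `demo()` are hypothetical names and constructed data, and no real endpoint is used.

```python
import time

ACCESS_TTL = 60 * 60  # default access-token lifetime stated on this page (seconds)

class InvalidTokenError(Exception):
    """Stand-in for the API's "Invalid Token Error" response."""

class TokenManager:
    def __init__(self, refresh_token, exchange, ttl=ACCESS_TTL, skew=60, clock=time.monotonic):
        self._refresh_token = refresh_token  # long-lived: keep in a secret store, never log it
        self._exchange = exchange            # hypothetical: refresh_token -> new access token
        self._ttl, self._skew, self._clock = ttl, skew, clock
        self._token, self._expires_at = None, 0.0

    def _refresh(self):
        self._token = self._exchange(self._refresh_token)
        self._expires_at = self._clock() + self._ttl

    def access_token(self):
        # Renew slightly early so a request never leaves with a token about to expire.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._refresh()
        return self._token

    def call(self, request):
        try:
            return request(self.access_token())
        except InvalidTokenError:
            # Rejected early (revoked or lifetime lowered): refresh once, retry once.
            self._refresh()
            return request(self._token)

def demo():
    """Constructed in-memory server; no network or real endpoint involved."""
    now, issued, valid = [0.0], [], set()
    def exchange(_rt):
        issued.append(f"at-{len(issued) + 1}")
        valid.clear(); valid.add(issued[-1])
        return issued[-1]
    def api(tok):
        if tok not in valid:
            raise InvalidTokenError(tok)
        return "rows via " + tok
    tm = TokenManager("constructed-refresh-token", exchange, clock=lambda: now[0])
    out = [tm.call(api)]                        # first use obtains at-1
    now[0] = 30 * 60; out.append(tm.call(api))  # 30 min: cached token still valid
    now[0] = 61 * 60; out.append(tm.call(api))  # past 60 min: renewed before the call
    valid.clear(); out.append(tm.call(api))     # invalidated server-side: one retry
    return out, len(issued)
```

If the refresh token itself has been revoked, the `exchange` call fails and the error propagates, which is the point at which the user has to authorize the application again.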