A common question after authenticating a user with MYOB and receiving the access_tokens and refresh_tokesn is "how long will the tokens last?"
Access Tokens
The access_token has a lifetime of 1200seconds from the time it was generated. That is, it will last 20 minutes before it expires and you need a new one.
To get a new one, simply use the refresh_token in a call to the MYOB authentication server. For full details on doing this, visit our guide to refreshing a token.
Refresh Tokens
The refresh_token has a lifetime. It can last for up to 1 week*¹ from the time it was generated. This gives you peace of mind that when your application needs to communicate with your users MYOB company file, you can use the refresh_token to get a fresh access_token and fetch/update the data you need.
Each time you use a refresh_token the authentication server will respond with a payload that looks like this:
{
"access_token": "AAEAALL[truncated_for_readability]DW",
"token_type": "bearer",
"expires_in": "1200",
"refresh_token": "_hO1!I[truncated_for_redability]wPQ",
"scope": "CompanyFile"
}
We always recommend updating the stored refresh_token because it can change, and this is where the MYOB authentication server would give you a fresh one.
*¹: 29/01/2020 - Updated from 1 year to 1 week
Comments
1 comment
After the first leg of oauth2 how long can you keep refreshing that auth token? Indefinitely?
Please sign in to leave a comment.