Configuring Access Token Policy
You can configure the access token policy, such as the default and upper limit of the expiration period and if you want to use the refresh token.
See Logging in and Using an Access Token for the overview of the access token. For the overview of the access token expiration period and refresh token, see Expiration Period of the Access Token and Refreshing the Access Token.
How to configure
Here are the steps to configure the policy:
Click the gear icon in the upper-right corner, and then click the "Settings" button.
Select "SECURITY".
Configure the access token policy.
The following three values are configurable.
- Enable Refresh Token: If you are going to use the refresh token or not. The feature is OFF by default.
- Default expiration period in minutes: The default expiration period applied when APIs are called without any expiration period specified. The default value is 35791394 minutes.
- Maximum expiration period in minutes: The upper limit of the expiration period allowed in this application. If you try to get an access token with longer expiration period than this value, you will get an error. The value specified in "Default expiration period in minutes" must be smaller than or equal to this value. The default value is 35791394 minutes.