Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

Access token - 30 minute expiry from?

Started by Gareth @AbleAndGame -   in API Authentication

Is the 30 minute expiry on an access token taken from the time of the initial grant of the token or from the last use of the token to access the API. Is the 30 minute countdown reset on each API call?

The access token expires 30 minutes from the initial grant of the token.

if you've included the offline_access scope in your Authentication, you will receive an Access and a Refresh Token. Refresh Tokens can be used to refresh Access Tokens, without user intervention.

Refresh Tokens are single use, and will last for 60 days or until used. On a Refresh Call you will receive both a new Access Token and Refresh Token, allowing you to use the new Refresh Token on your next Refresh Call. In case a response is lost, Refresh Tokens also have a 30 minute grace period where the same token can be used as many times as you require in the first 30 minutes after their first use.

Sally C (Community Manager)  

Great. Thanks for the info :-)

Gareth @AbleAndGame