Separate API user password expiration from human user password expiration.: Status History

Below is the history of changes to this idea's status.

  • Not Considering

    Hi James,

    If you have registered a valid application then an initial authentication flow (requiring username and password) will return an access-token (valid for 20 minutes) and a refresh-token (valid for 90 days). The refresh-token can be exchanged for a new access-token and refresh-token without supplying the username and password and without concern for an expired password. This is standard OAuth2. Increasing the lifetime of an access token increases the risk of a compromised token being used to access data.

    A persistent token (i.e. with no expiration) would be a security flaw in the application and is not something that we would be prepared to implement.

    I hope this helps to move you forward with your integrations.

    David

  • New

    No note was provided with this status update.
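
The refresh flow described in the "Not Considering" reply above, as an added example that is not part of the original page or the vendor's code. The `AuthServer` and `ApiClient` classes, the `password_expired` flag, single-use refresh tokens and the 30-second early refresh are assumptions made for illustration; only the 20-minute and 90-day lifetimes come from the reply.

```python
import secrets
import time

ACCESS_TTL = 20 * 60            # access-token lifetime from the reply: 20 minutes
REFRESH_TTL = 90 * 24 * 3600    # refresh-token lifetime from the reply: 90 days


class AuthServer:
    """Constructed in-memory stand-in for the authorization server."""

    def __init__(self, users):
        self.users = users      # username -> {"password": str, "password_expired": bool}
        self.refresh = {}       # refresh-token -> (username, expiry time)

    def _issue(self, user, now):
        token = secrets.token_urlsafe(32)
        self.refresh[token] = (user, now + REFRESH_TTL)
        return {"access_token": secrets.token_urlsafe(32),
                "access_expires_at": now + ACCESS_TTL,
                "refresh_token": token}

    def password_grant(self, user, password, now):
        acct = self.users.get(user)
        if acct is None or not secrets.compare_digest(acct["password"], password):
            raise PermissionError("invalid credentials")
        if acct["password_expired"]:
            raise PermissionError("password expired")
        return self._issue(user, now)

    def refresh_grant(self, token, now):
        # Assumption: single use. The presented token is retired before a new pair is issued.
        user, expires = self.refresh.pop(token, (None, 0))
        if user is None or now >= expires:
            raise PermissionError("invalid or expired refresh token")
        return self._issue(user, now)


class ApiClient:
    """Integration that stores only tokens after the first login."""

    def __init__(self, server, user, password, now):
        self.server = server
        self.tokens = server.password_grant(user, password, now)

    def access_token(self, now=None):
        now = time.time() if now is None else now
        if now >= self.tokens["access_expires_at"] - 30:   # refresh 30 s early
            self.tokens = self.server.refresh_grant(self.tokens["refresh_token"], now)
        return self.tokens["access_token"]
```

An integration built this way has to persist the newest refresh-token after every exchange and call the API at least once per 90 days, otherwise it falls back to the username and password login.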