There's a couple of answers that explain that access_tokens expire after a year. And there is another question which indicates that tokens can be black listed individually if suspicious activity is detected.
I have been playing around with our merchant, specifically with push notifications, and I've found a couple of times today that tokens have expired within about an hour. I'm wondering are there any other rules that could be invalidating tokens that haven't been documented yet?
- What corresponds to "suspicious activity"? (burst rates etc) see: https://devask.clover.com/question/42...
- Is there a limit on the number of tokens that can be live for a merchant?
- Token's are merchant specific and app specific. Are they app version specific?
- We've noticed tokens expiring every day for us - if you uninstall and reinstall an app - will the old token still be valid, or is it unset by an uninstall?
- Is there a process for requesting rate limits on a case by case basis?
- What effect do permissions and modules have on the access_tokens