When I have multiple users of my web app that use the same Merchant ID, I will generate an OAuth token for each user rather than reusing the same token for each user. I believe this is the correct approach from a security perspective.
The first and second tokens for a Merchant ID work fine with the Orders API. However, the second token fails with a 403 error when used in the Export API.
The first token works fine with the Export API. It's just the second (and subsequent) tokens that get the 403 error.
Any idea why this might be happening? Is it incorrect to have multiple tokens for the same Merchant ID, or should that work as described?
Any help would be appreciated!