Access token: 2 hours
Refresh token: No expiry period

When using the authorisation code grant, Zepto will return a refresh token along with the access token. Access tokens are short-lived and last 2 hours but refresh tokens do not expire.

When the access token expires, instead of sending the user back through the authorisation flow you can use the refresh token to retrieve a new access token with the same permissions as the old one.

It's important to note that the refresh_token  gets regenerated and sent alongside the new access_token . In other words, refresh_tokens are single-use so you'll want to store the newly generated refresh_token  every time you use it to get a new acccess_token

Feel free to reach out if you have further questions by emailing us directly at support@zepto.com.au or clicking on the blue bubble icon from the corner of the screen.

Did this answer your question?