Refresh token access token

Documentation Index

Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt

Use this file to discover all available pages before exploring further.

​

How It Works

1. Access tokens expire after 15 days.
2. Refresh tokens can be used to generate new access tokens programmatically.
3. When a new access token is generated using a refresh token, you will also receive a new refresh token. The old refresh token becomes invalid and must be replaced in your system.

​

Why It Matters

​

Steps to Generate a New Access Token

1. Use a previously obtained refresh token (from the initial OAuth setup).
2. Call the Refresh Token API to get:
   1. A new access token
   2. A new refresh token
   3. Expiry details for the access token in EPOCH format

{
  "success": 0,
  "error_message_id": "auth.token_error"
}

{
  "error": "invalid_token",
  "error_description": "invalid/expired token"
}

{
  "message": "auth.request_limit_exceeded"
}

​

Important Notes

1. Every time you use the refresh token, you will receive a new refresh token — always replace the old one.
2. If a 4xx error occurs, generate new tokens using the Refresh Token API.
3. Access tokens can be regenerated programmatically, but refresh tokens cannot — once expired, a new refresh token must be generated from the dashboard.
4. Xoxoday may invalidate your token for security reasons, such as:
   1. Super Admin password reset
   2. Addition of another Super Admin generating a new token
   3. Unusual number of refresh requests

​

Best Practices

1. Refresh tokens every 7 days or before your access token expires.
2. Use a CRON job or scheduler to automatically refresh and store tokens.
3. Monitor expires_in in the response to know token lifetime in seconds.