In an effort to be helpful I'll document my findings here. Access tokens do not expire two hours after they're used. Access tokens expire in 24 hours and I suppose that is that. I successfully used the same access token for API calls multiple times well over two hours without ever refreshing it. So when (and how) should you refresh access tokens? You could check if the access token is expired and refresh it (if need be) every time you make an API call. That could work, but you could potentially run into a situation where the refresh token actually expires. If that happens your API call will fail and you'll need to request authorization again to get new tokens. Refresh tokens expire after 180 days. That's a lot of time, but imagine you build a simple email opt-in form that uses the API to add contacts. Say that's on a website that doesn't get much traffic. 180 days could pass without a single user filling out the optin form. That piece of functionality will no longer work and you probably won't know about it. Because the refresh tokens expire, the safest bet is to schedule a task (cron job) to run a script that will refresh the access token say every 12 hours. I hope others find this helpful.
... View more