Hello,
We use current OAuth standards for security purposes. Access tokens are good for up to 24 hours. Refresh tokens don't expire, but will become invalid if they are used or if the initial authorization flow is completed again. If you could use the same refresh token over and over, that kind of defeats the purpose of having a rotating access token.
When you use your refresh token, you get a new access token and a new refresh token as well. You then use the new access token until it expires, and refresh using the refresh token that was given at the same time as the access token you were just using.
Typically in a situation such as yours where you have multiple users making calls for the same Constant Contact account, you would have your server control all of your calls, storing the access and refresh token, and refreshing it when needed.
Please let me know if you have any other questions.
Sincerely, David B. Tier II API Support Engineer
... View more