Hi @DonnaH072,
The reason our oAuth was designed this way is for security reasons. If an Access Token is compromised it will expire in a relatively short amount of time so the potential "damage" that can be caused is minimal.
You are very close to using the oAuth flow how we intended it to work. You are manually getting a new Access Token every two hours. We actually intended for the Allow button to be clicked once, generate the first set of Access/Refresh Tokens, then store those tokens to be used.
When the Access Token expires (between two hours and twenty-four hours later) then you use the Refresh Token to generate a new Access/Refresh Token set, delete the old set and save this new set. This is the Step 5 in the server oAuth flow.
... View more
