The two complimentary strategies that developers MAY consider when handling expired tokens are as follows:

1. Track the creation of the OAuth access token and use the refresh token at appropriate intervals, based on the OAuth access token creation time, in order to generate a new OAuth access token before the expires_in PARAMETER VALUE for the current OAuth access token has elapsed.

Capture the response with the HTTP Status CODE of 401 Unauthorized and invoke logic that retries the appropriate Get Access Token method request, as follows:

• Generate a new OAuth access token.
• Use the new OAuth access token to resubmit any previously failed method requests that failed DUE to an expired OAuth access token.

In the future, AT&T may change the default values of the expiration parameters for the OAuth access token and refresh token. So it is strongly advised that you always check the expires_in parameter value that is returned with the response to the Get Access Token method call.

The two complimentary strategies that developers may consider when handling expired tokens are as follows:

Capture the response with the HTTP Status code of 401 Unauthorized and invoke logic that retries the appropriate Get Access Token method request, as follows:

In the future, AT&T may change the default values of the expiration parameters for the OAuth access token and refresh token. So it is strongly advised that you always check the expires_in parameter value that is returned with the response to the Get Access Token method call.