Thank you for visiting our Partner Zone. This area is an exclusive space for MYOB Partners. Find out how to Partner with MYOB.
The refresh token will last for up to 1 year.
Each time you ask for an access token we will return a refresh token. We recommend you grab that and store it for future reference.
If you'd like more support on this please feel free to email firstname.lastname@example.org and we can help you there
I apologise; I'm so used to working with OAuth1, I did not spot this difference in behavior.
Will be calling the refresh token endpoint after expiry to persist the tokens.
When your app gets an OAuthToken for a user of your application you also get a RefreshToken that you can to get a new OAuthToken without requiring the user to log-in again.
Long time outs aren't considered secure by most implmentors, by making them short-lived reduces the time an attacker can abuse a token should they manage to steal it. Also if a user of your app no longer wishes for your app to have access to their data they can revoke your access which will then revoke your app's ability to generate new tokens.
February 2016 - last edited February 2016
Was just wondering why the access token lifespan is so short? (20 minutes)
Quickbooks lifespan is 180 days, Xero is 30 days.
Customers cannot be expected to use an MYOB function at least every 20 minutes to keep the token refreshed.
I wish to extend the token to at least 30 days. I know OAuth usually has a global setting for this, but just in case; is there any way for it to be extended on at least my product? Otherwise could you please consider drastically increasing the token lifetime, or offering an OAuth partner scope with a much longer lifetime.
Solved! Go to Solution.