When to use this call
AccessTokens have a limited live, and need to be refreshed periodically. Use this call to Receive a new AccessToken. AccessTokens are JSON Web Tokens (JWTs).
Best practices for handling tokens
API credentials consist of three parts: the Device token that identified the associated user, the Access Token (JWT), and finally a Refresh Token. Both the device token and the Access Token are routinely transmitted to the API for credentialling and are at risk to be compromised. The Refresh Token should only be transmitted twice: Once when issued, and then a second time when refreshing the Access Token.
Do RefreshTokens expire?
While Refresh Tokens do not expire themselves, they are associated with the Access Token. When you receive the new Access Token, you will also receive a new Refresh Token, which will have to be used with that new Access Token.