Attention: this article is only related to the applications that use Authorization Code Flow (e.g. web-based applications, telegram bots and other interactive applications). It is NOT related to the applications that use server to server tokens (like trading bots, etc).
When using the Authorization Code Flow and API3 client you have to maintain the access token expiration properly. This article describes how to do this. This article is not related to S2S tokens.
Along with your access token the API 3 always returns the time it will be valid and refresh token you can use to automatically obtain a new access token just before the old will expire or as soon as it has expired.
When you need to get new access token you have to send POST request to the renewal endpoint URL: http://api3.stex.com/oauth/token with the following parameters:
'grant_type' => 'refresh_token',
'refresh_token' => 'your-refresh-token',
'client_id' => 'your-client-id',
'client_secret' => 'your-client-secret',
'scope' => 'trade | profile | reports | withdrawal | push', - the same or an subset or initial scope requested
You can also refer to our clients written in several languages, all of them have the token refresh functionality:
node js: https://github.com/StocksExchange/nodejs-client/blob/master/lib/v3/refresh.js#L77