We got a lot of question from you asking this:
I'm creating the server-to-server application that will work without human interaction, is there a way to obtain permanent access token?
The short answer is - no.
The detailed answer is:
we are not going to make oAuth2 access token non-expiring, moreover you should properly handle this situation as we can shorten the access token life period.
But there is no problem with this as you can anytime generate new access token to use.
Along with your access token the API 3 always returns the time it will be valid and refresh token you can use to automatically obtain a new access token just before the old will expire or as soon as it has expired.
When you need to get new access token you have to send POST request to the renewal endpoint URL: http://api3.stex.com/oauth/token with the following parameters:
'grant_type' => 'refresh_token',
'refresh_token' => 'your-refresh-token',
'client_id' => 'your-client-id',
'client_secret' => 'your-client-secret',
'scope' => 'trade | profile | reports | withdrawal | push', - the same or an subset or initial scope requested
You can also refer to our clients written in several languages, all of them have the token refresh functionality:
node js: https://github.com/StocksExchange/nodejs-client/blob/master/lib/v3/refresh.js#L77