*Please note this development has now been put on hold until later on in the year. Token expiration will continue to work as it does today. We will advise all our API clients and give notice prior to development work starting on this. We apologise for any inconvenience this may have caused *
From Collaborate version 4.4 the option to set access token expiration for three months, six months or a year has been removed. The reasons for this are to avoid situations where an access token and refresh token both expire at the same time and also because access tokens become less secure the longer expiration they have.
The maximum the access token can be set from version 4.4 is one month. Any existing API tokens configured to expire after a month will expire and the access token configuration for API application registration will be reset to expire after a month.
An API client who has already coded the OAuth workflow correctly should have no problem with this change as the refresh token should be used to obtain the access token on expiration. Any API clients who have not coded the refresh token workflow will need to implement the refresh token workflow or manually generate the access token to allow their application to continue working.
Please let us know if you have any concerns about this change.