What is it? An access token is the string used when making authenticated requests to the API. The token represents that the user has authorized a third-party application to access that user’s account.
What do you use it for? The client uses an access token to make authenticated requests on behalf of the end user. When an access token expires, attempts to use it fail, and the app must obtain a new access token.
How long is it valid? It is valid for 5 minutes, so if the error message is saying its invalid – perhaps it simply expired. You will use the access token when passing it in the header. You cannot use multiple access token at the same time. Only one access token is valid at a time.
How long is it? 1000-12000 chars.
We recommend that you plan for your application stack to handle tokens with length of at least 12000 characters in order to accommodate current and any future expansion plans.
What does it contain? It contains a header, payload, and signature. A resource server can authorize the client to access particular resources based on the scopes and claims in the access token.