v1 Access Tokens

v1 access tokens will be deprecated in the future and we recommend migrating your application to use v2 access tokens. Please see here for a migration guide.

The authorization code OAuth 2.0 flow is supported to obtain v1 access tokens.

v1 access tokens never expire if obtained via authorization code flow.

PKCE is supported, and optional.

v2 Access Tokens

v2 access tokens are JWTs and currently are only issued to applications that have migrated to v2.

Only the authorization code OAuth 2.0 flow is supported to obtain v2 access tokens.

v2 access tokens expire after 24 hours, and you must implement a refresh token flow to refresh them.

PKCE is supported, and optional.