access_tokenis a token used to make API requests related to a specific Item. Access tokens do not expire, although they may require updating. For example, updating is needed when a user changes their password or when working with European institutions that comply with PSD2's 90-day consent window. For more information, see when to use update mode.
If compromised, an
access_token can be revoked via
/item/access_token/invalidate; this endpoint returns a new
access_token and immediately invalidates the previous
access_token. If no longer needed, it can be revoked via
If, for any reason, an Item ever does need re-authentication, any API call will return the
ITEM_LOGIN_REQUIRED error. To track items that go into this error state, you will want to implement webhooks.