Storage
An access_token is your key to retrieving data on behalf of an item, a set of credentials at a financial institution. access_tokens are obtained by exchanging a public_token, which you receive from Plaid Link, via the /item/public_token/exchange endpoint.
A public_token expires after 30 minutes and is usable only once; after it has been exchanged for an access_token (or used to initialize Link in update mode), it will no longer be valid. Thus, the public_token does not need to be stored after it is used.
An access_token, however, does not expire, and it should be securely stored. For security reasons, you may rotate an access_token, which invalidates it and returns a new access_token. This new access_token can be used to make requests on behalf of the item to which the original access_token corresponded.
For security reasons, Plaid does not offer an endpoint that returns a list of your items or access_tokens.
Removal
See the our article Access_token and Item FAQ > How do I remove an item.