Requirements and limitations

Token management

Access tokens expire after 14 days (336 hours).
Refresh tokens expire after 60 days (1440 hours).
Tokens must be stored securely and should never be exposed to end users.

Application approval

Sandbox applications can be created and tested without approval.
Live applications need to be submitted for review before going live.
Each environment (sandbox/live) requires a separate application.