Get Access Token Time Left

I’m a super noob when it comes to web development… So i’m just copy pasting the interactive rest api code that is generated into my Unity application. (so far works great) I’m able to get any data required into my app using the string with a pre generated token. My plan is to send users to a safari window to grab a token if the current one is not active. If the time left is very low tho i would like to refresh it. Is there a way to ask for the time in seconds left on a token? (if not i can save the date time and do a calculation no biggy)

Welcome, Lyndi!

When you are issued an access token (either the first time or at additional refresh) you’ll get an expiration time in the response. You can just store that and check to see if it’s reasonably close to expiring to determine if you should do a preventative refresh.

Not sure if this is in your wheelhouse but im having this issue

Not sure from your description, but the most common issue people learning to use oauth come up with is mistaking the auth token to be the access token. The auth token only authorizes you to request the access/refresh token pair. See my vid on the subject:

Additionally, access tokens are supplied via a header on the request, not as a queryparam.

ie “Authorization: Bearer accesstoken”

Well I’m trying hooking everything up without redirecting to safari.
Following this OAuth2 Authentication - Keap Developer Portal
Not seeing the code url parameter that’s supposed to be return in Request Permission
gets me this returned as headers.

Your image shows DENY so there are a few possible reasons for that:

  1. As I mentioned above, using the auth token instead of an actual access token
  2. The access token has expired (they’re only good for 24 hours and the refresh token must be used to get a NEW SET of tokens).
  3. You’ve requested another set of token but are using the previous one. While the time may not have run out on a token, when you request or refresh the tokens, the previous ones become invalid and can no longer be used.

I feel like we may be talking past one another. Here’s where I am.

Using an Access Token in my app to access data with the rest api works fine (step 3 as marked in your video).

I’m trying to automate the OAuth process so that an admin can enter the ID and secret in the app just once and then be able to access the data.

As I mentioned above, using the auth token instead of an actual access token

-I don’t understand this as I’m trying to get the Auth Token not use one. The snip above was created by using
WWWForm form = new WWWForm();
string uri = “” + PlayerPrefs.GetString(“AccessToken”);
uri = Regex.Replace(uri, @“[^\u0000-\u007F]+”, string.Empty);
UnityWebRequest www = UnityWebRequest.Get(uri);
and it worked so I know that I’m not using the Auth code/token instead of the Access Token

2.The access token has expired

-again im not using an access token I’m trying to get one.

  1. You’ve requested another set of token but are using the previous one

-That is good to know thank you.

From my understanding via these docs Request Access
I first have to request a code from
then I use the code returned from that to request the actual Access Token/ Refresh Token (

So the snip above was in reference to that first step at /oauth/authorize and how to get the code that will allow me to request a token.

My request looks something like
WWWForm form = new WWWForm();
form.AddField(“clientId”, “ID”);
form.AddField(“clientSecret”, “secret”);
form.AddField(“redirectUri”, “”);

Don’t know enough about the tool you’re using and my experience is that OAuth can only be effectively managed with code (tools don’t ‘generally’ account for it’s use very well). You wouldn’t be able to have and admin set it ONCE and not have to keep doing it…that’s one of the common complaints but that’s part of the security and the process. Maybe your tool can do it though? Generally, it’s a lot less time consuming and less expensive (when you consider the value of your time) to just hire someone to setup endpoints that you can use as a single sign on rather than keep wrestling for it for days/weeks with a tool that, to my knowledge, hasn’t ever been work out or even tried before.