Find Expire Time for an access token

Question

Is there any way to use the graph api to find out when a page access token, or application token will expire?

Answer 1

Try this, it worked with me. Get the token with your app and paste it in the graph explorer as the token to be used for queries. Click on the info a see the expiration date. example image

I hope it works for you too.

Answer 2

There is now an API version of the debugger tool.

See https://developers.facebook.com/docs/authentication/access-token-debug/

Answer 3

https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension

From the page above:

Access tokens on the web often have a lifetime of about two hours, but will automatically be refreshed when required. If you want to use access tokens for longer-lived web apps, especially server side, you need to generate a long-lived token. A long-lived token generally lasts about 60 days.

Answer 4

Access Token Debugger

https://developers.facebook.com/tools/debug/access_token

Does not use the Graph API... but a very useful tool for manual debugging.

Answer 5

Update: There is a new API endpoint to access information about an access token. You can find info here: Debugging Access Tokens and Handling Errors

https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN

• input_token: the Access Token to debug
• access_token: your App Access Token or a valid User Access Token from a developer of the app.

--

You should try to make sure that you store each token's expiration time along with the access token when you get it. For a page access token, that means storing the expiration time of the user access token. If you would like to manually discover expiration times for tokens you have today, you should use Facebook's Access Token Debugger tool. However, you should not be relying on expiration times alone -- in practice, many tokens will expire much earlier than their expiration time.

Application access tokens will never expire, unless the application secret key is reset.

Page access tokens last up to 60 days (5184000 seconds), but more importantly, they last as long as the user access token that was used to acquire them. So they will be invalidated as soon as the user that you got them from:

• logs out of FB.
• changes password.
• deauthorizes your application.

Basically, when you lose the user's token, you will lose the page's token. Instead, you should retrieve page access tokens once per user access token. If you throw out a user access token, throw out the page token. You should not be trying to store page access tokens for any significant period of time. Instead you should get them as needed and forget them when a user's session dies.

To get a new page access token:

https://graph.facebook.com/PAGEID?fields=access_token&access_token=USER_ACCESS_TOKEN

Answer 6

I would like to repeat this question for the current version of the API since I've come to a situation when Facebook doc clearly does not describe what is happening:

• no expiry dates when requesting a new long-lived token with fb_exchange_token
• no expiry dates when requesting debug_token information (expires_at = 0)
• it does reply with an expiration date when redirecting the user to the auth page for the first time, but that does not help as I cannot extract the long-lived expiration date nor it will reply with this information for the second time

The debug tool here: https://developers.facebook.com/tools/debug/accesstoken says "Expires: Never".