+ Start a Discussion
Waqar Hussain SFWaqar Hussain SF 

"Session expired or invalid" error while integrating Salesforce with external system using REST API

Hi All,

Hope you will be fine. 

We have developed REST webservices in Salesforce and then calling these APIs from External system (Wordpress/PHP) using OAuth 2.0. We have created an app in salesforce as required.

We are encountring an issue that sometimes our access token get expired. We are unable to find that why the access token is expiring. Sometime access token expires within a day and sometime the access token works for couple of weeks.

You can see my app setting in Salesforce. 
User-added image

REST App setting in Salesforce
User-added image

I read some articles where it is said that the access token expires based on the user count but I always see 1 in user count. (see image in new tab)
User-added image

How can I prevent expiring access token???

Any help would be appriciated. Thanks for reading over my issue.

Vinod ChoudharyVinod Choudhary

Is the access token or refresh token changed or expired in a specific time like (60 min) etc. ?
If yes then you can create a object and set a scheduled job to update the access token or refresh token in every 60 min or whatever time it's going to be expired.


Waqar Hussain SFWaqar Hussain SF
Hi Vinod,

Thanks for your reply. Yes, the access token expires but not in specific time. Sometime it expires after a day and then we update the access token. And then again it gets expired after a couple of weeks. There is no specific time of access token expiration.

This is the issue that the access token expires without any specific time and we are unable to find the reason of expiring the access token. 

Vinod ChoudharyVinod Choudhary
Hi Waqar,

Is the access token change every time after expiring?
Waqar Hussain SFWaqar Hussain SF
Vinod ChoudharyVinod Choudhary
Create a custom object and set a scheduled job to update the access token and use this in your API, it will resolve your issue.
As you Said you don't know the exact time when it Expired, in this case, you  need to find the minimum time and set the scheduled job.

I had the same issue but in my case, i know the time when it going to be expired :)

Hope this help.. maybe you got the better solution, If so please do let me know :)

Waqar Hussain SFWaqar Hussain SF
Basically we have developed REST API in salesforce and calling these REST API from external system i.e. wordpress. So the access token/refresh token in generated on the external system using OAuth 2.0 and then we use the access token to make requests to Salesforce REST web service. 

So I think, your solution will not work here to update access token via schedule apex.

What I have in my mind that we will have to put an extra check to all requests that are going salesforce that every time before requesting to salesforce, we should check if the token has expired refresh the token and then request to Salesforce with updated token.
Nishant_Jadav SFNishant_Jadav SF
Hello Waqar,

I came across this question on StackOverflow:  https://salesforce.stackexchange.com/questions/73512/oauth-access-token-expiration have a look, it might help you. Please let us know the solution if it works out.
Waqar Hussain SFWaqar Hussain SF
Hi Nishant, 

I have already looked into this article.

So the conclusion is, there is no way to know how long the access token will work. For each request we will have to check if the service is throwing exception that the session is expired then refresh the access token and use the updated token otherwise keep calling the web service. 

Let me know If you guys have ever any better solution for that. 

Rolando RodasRolando Rodas

Hi. I would like to know if I can know at what time the token expires, where the access token time can be extended.