A revoked access token means that your app can no longer make API calls on behalf of a particular user. Access tokens can be revoked the following ways:
- The user logs into their WePay user settings and manually revokes your application’s access.
- Your application requests a new access token via an /oauth2/token call. Each time you make an /oauth2/token call, we revoke all access tokens that were previously issued for that user. You should only make the /oauth2/token call if the current access_token does not work.
- You register a new user via /user/register but they do not confirm their account within 90 days, and their temporary access token expires.
If you need further assistance in looking into why an access token was revoked, please contact API Support at firstname.lastname@example.org.