Hero Banner

Secure Application Model

Learn and ask questions on how to implement secure application model

Level 1 Contributor

400 Bad Request Error while retrieving access token

Hi Microsoft Team, 


We are a CPV and couple of our customers (Partners) are receiving Bad Request error while attempting to authenticate using the refresh token acquired through the consent process. 


Judging by the timing (they had done the consent end of Jan/start of Feb), we strongly suspect that these errors are because the refresh token has expired. 


Our understanding is that the refresh token had sliding window expiration and we use the refresh token every day to perform operations with Partner Center Api.   Can you please confirm if the refresh token has sliding window expiration?  If yes, then why would partners get 400 error all of a sudden. Also, what are the best practices of maintaining the refresh token?  eg:- can we use the existing refresh token to request a new refresh token periodically.  




Level 2 Contributor

Hi @Vinay ,


1. You need to refresh your refresh token every 90 days

2. You are 100% correct - you can keep refreshing the refresh token from the refresh token see below for more details:


Level 1 Contributor

We also noticed that while retrieving the access token using the refresh token, we also get a new Refresh Token as part of the response. 


So, should we use the new Refresh token and discard the old one?  How often do we do this? What is the best and recommended practice around this.