What triggers it
The OAuth access token has expired. This happens when a bearer token is used past its lifetime on the partner plane.
Example response
{
  "error": {
    "type": "authentication_error",
    "code": "token_expired",
    "message": "The OAuth access token has expired."
  }
}
How to fix it
Refresh the token and retry with the new one.
This error is deterministic: resending the same request with the same token returns the same error, so fix the cause before resending. See the error code catalogue for related codes.
In practice
In a well-built client, token_expired is handled by branching on error.code rather than on the human error.message, which may be reworded over time. The HTTP status (401) gives the broad authentication_error class; the code gives the specifics; and, on field errors, error.param pinpoints the input to fix.
This code is deterministic — retrying the identical request reproduces it — so keep it out of your retry path and instead map it to a clear, actionable message. See Map errors to user-facing messages and Read the error envelope for the pattern.
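The handling described above, as an added example that is not part of this API's own client code: it parses the error envelope, branches on error.code, and allows a single retry only with a freshly issued token. The send and refresh callables, ApiError, and the fake endpoint are assumptions made for illustration.

```python
import json

class ApiError(Exception):
    """Parsed error envelope; callers branch on .code, never on the message."""
    def __init__(self, status, body):
        try:
            parsed = json.loads(body)
        except ValueError:
            parsed = None  # non-JSON body, e.g. a proxy error page
        err = parsed.get("error") if isinstance(parsed, dict) else None
        err = err if isinstance(err, dict) else {}
        self.status = status
        self.type = err.get("type")
        self.code = err.get("code")
        self.param = err.get("param")
        super().__init__(err.get("message") or f"HTTP {status}")

def call_with_refresh(send, refresh, token, max_refreshes=1):
    """send(token) -> (status, body) and refresh() -> new token are
    hypothetical callables supplied by the caller (assumptions)."""
    refreshes = 0
    while True:
        status, body = send(token)
        if status < 400:
            return json.loads(body), token
        err = ApiError(status, body)
        # Resending the same token reproduces the error, so the only
        # retry allowed is one made with a freshly issued token.
        if err.code == "token_expired" and refreshes < max_refreshes:
            token = refresh()
            refreshes += 1
            continue
        raise err  # any other code, or refresh budget spent: surface it

# Constructed sample: a fake endpoint that accepts exactly one token.
EXPIRED_BODY = json.dumps({"error": {
    "type": "authentication_error",
    "code": "token_expired",
    "message": "The OAuth access token has expired."}})

def make_fake_send(valid_token, seen):
    def send(token):
        seen.append(token)  # test-only record of which tokens were presented
        if token == valid_token:
            return 200, json.dumps({"ok": True})
        return 401, EXPIRED_BODY
    return send
```

If the refreshed token is rejected as well, the error is raised instead of looping, which keeps a broken refresh flow from hammering the token endpoint.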
Frequently asked questions
Is token_expired safe to retry?
No. Retrying the identical request reproduces the identical error. Fix the cause first.
Will this code ever change?
No. Error codes are a stable contract; only the human message may be reworded.
Do I branch on the code or the HTTP status?
Both — status for retry-or-not, code for the specific behaviour. See the error envelope.