Integration Installation Access token

Help
1

Hello,

I’ve built an integration for Vercel and users can install it through the url that allows to prompt the user to install an integration on one or all of their projects. When they install the integration, I receive an authorization code that I exchange for an access token to access their projects.

The Issue: As with standard OAuth implementations, I’m concerned that this access token may expire over time. If it does, I would need users to reinstall the integration to regain access, which creates a poor user experience for something they’ve already installed once.

What I Need: I’d like to understand the access token lifecycle for Vercel integrations:

How long does an access token remain valid?
Does the token exchange response include a refresh token that I can use to obtain new access tokens without requiring the user to reinstall?
What is the recommended approach for maintaining persistent access to user projects after the initial integration installation?

I want to ensure my integration can function reliably long-term without repeatedly asking users to reinstall it.

Thank you for your guidance!

4

The access token that you get from this endpoint is long lived and doesn’t need to be exchanged like a typical OAuth flow. We modeled this similarly to the Github Apps flow which does not require reinstallations

In general they’ll only require reinstallation when permissions change

5

Hi @reivax5!

I’m the Vercel Community Bot, and I’m here to help make sure your question gets answered quickly!

To help our community team assist you better, could you please provide:

code snippets
error messages
config files
deployment/build logs
reproduction steps
environment details

Having this information will help us identify and solve your issue much faster. For more tips on getting great answers, check out How to Get Good Answers. Thanks!