FunnelFlux Pro uses short-lived access tokens for API authentication. Most API requests should include an Authorization: Bearer ACCESS_TOKEN header.
Use the access token validation endpoint to check whether an access token is still valid and to refresh it when required. Access tokens expire after 72 hours. When an access token expires, submit the expired access token together with a valid refresh token to receive a new access token and expiry time.
Store the updated access token returned by the validation endpoint and use it for future API requests. Do not rely on a single long-lived access token.
Refresh tokens are currently issued through Auth0. Due to Auth0 limitations and tenant policy, a refresh token may eventually expire or become invalid, requiring a new refresh token to be generated from the FunnelFlux Pro user interface. This should be uncommon, but integrations should handle this case and prompt for reauthorization when token refresh fails.
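The client-side handling described above (refresh when the access token expires, store the returned token, and surface a reauthorization prompt when refresh fails) can be sketched as follows. This is an added example, not FunnelFlux Pro code: validate_fn, the access_token and expires_at field names, the PermissionError signal and the five-minute skew are assumptions, and the validator here is a constructed offline stand-in for the validation endpoint.

```python
import time

ACCESS_TOKEN_TTL = 72 * 3600  # access tokens expire after 72 hours (from the page)

class ReauthorizationRequired(Exception):
    """The refresh token was rejected; a new one must come from the FunnelFlux Pro UI."""

class TokenStore:
    # validate_fn is an ASSUMED wrapper around the validation endpoint. It takes
    # (access_token, refresh_token) and returns {"access_token", "expires_at"}
    # (hypothetical field names, epoch seconds) or raises PermissionError when
    # the refresh token is no longer accepted.
    def __init__(self, access_token, expires_at, refresh_token, validate_fn,
                 skew=300, clock=time.time):
        self._access, self._expires_at = access_token, expires_at
        self._refresh, self._validate = refresh_token, validate_fn
        self._skew, self._clock = skew, clock
        self._needs_reauth = False

    def bearer_header(self):
        """Return the Authorization header, refreshing first if expiry is near."""
        if self._needs_reauth:
            raise ReauthorizationRequired("generate a new refresh token in the UI")
        if self._clock() >= self._expires_at - self._skew:
            try:
                result = self._validate(self._access, self._refresh)
            except PermissionError as exc:
                self._needs_reauth = True  # stop retrying with dead credentials
                raise ReauthorizationRequired("token refresh failed") from exc
            # Store the updated token and expiry for all future requests.
            self._access = result["access_token"]
            self._expires_at = result["expires_at"]
        return {"Authorization": f"Bearer {self._access}"}

def make_fake_validator(now, valid_refresh="constructed-refresh"):
    """Constructed offline stand-in for the validation endpoint."""
    def validate(access_token, refresh_token):
        if refresh_token != valid_refresh:
            raise PermissionError("refresh token invalid")
        return {"access_token": access_token + "-renewed",
                "expires_at": now() + ACCESS_TOKEN_TTL}
    return validate
```

In a real integration, validate_fn would call the access token validation endpoint, and ReauthorizationRequired would be caught at the point where the user can be asked to generate a new refresh token.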
FunnelFlux Pro will migrate to a new authentication provider in the near future. Authentication APIs and token handling will change during that migration, and API clients using these endpoints will need to migrate.