Tokens expire after 3600 seconds (one hour). For long-running scripts or scheduled jobs, build in token refresh logic rather than assuming a token fetched at startup will remain valid.

Keeping credentials safe

• Never hardcode credentials in source code
• Store them as environment variables or in a secrets manager
• Never commit them to version control