I am using API authentication and Access token with refresh token. Could you please let me know Access token expiration timeline and Refresh token expiration time line . Since different are setting different time line . Best practice please let me know for access token and Refresh token expiration
This depends on your security context. If your data is very valuable, short expirations are required. If you have high traffic, longer expirations may be required to avoid hitting rate limits on getting new tokens.
But mostly, this is something you have to evaluate yourself, knowing all the context, to figure out the best answer.