Standard practice is to also capture the refresh token, then store both the access token and refresh token with the date/time and time to live in a database table. Using the refresh token before the access token expires (refresh tokens are good for six months) which will return to you a completely NEW set of refresh and access tokens. You would then update the database table with that new information and repeat this before the 24 hours on the access token expires. If you run a service on a schedule once every hour, and check that the token will expire in four hours or less, then use the refresh token as described above, then you’ll only need your code to read the current access token from the database when needed and you won’t have need to re-authorize them. I have a video that covers this and other details around using OAuth with Infusionsoft.