If unsuccessful, the server returns a HTTP error status e.g. 401and the cause of the error in json format. The content varies depending on error e.g. this is what you get if username/password don't match:
"error_description": "Invalid username or password.",
"warning": "You have 9 attempt(s) remaining"
The access token will expire after 24 hours. If you make a request after the token has expired, the service will return a status of 401 (Unauthenticated) and the following response:
"detail": "Authentication credentials were not provided."
When you receive an unauthenticated status, request a new access_token by sending a POST request containing the refresh_token you were sent when you first authenticated in the body of the message. Send the request to the same URL as previously used but this time the Body should contain the refresh_token:
The previous access_token and refresh_token should be discarded and the new ones used until the access_token expires again. Note that refresh_tokens are single use – once used they are invalidated and cannot be used again. If the refresh_token request fails, the web service will return a status of 401 and the following content: