I'm building a public app with an app extension, and I need to keep every stores' access tokens in my database.
Do access tokens change, (do I need to listen to some webhooks?) or are they permanently usable?
Solved! Go to the solution
This is an accepted solution.
You can store access tokens, they do not change unless the merchant uninstalls your app, at which point the token is invalidated and you won’t be able to make any further API calls.
You need to make sure you subscribe to the app uninstall webhook to clean up your app and remove the token from your database, however. As one requirement for the app passing the review is that the app can be uninstalled and reinstalled again without any issues. Storing the token and keeping the shops details in your database will likely cause issues when the merchant goes to reinstall unless you have logic to handle this.
Hope this helps!