We strongly recommend automating the JWT refresh so that bots do not make calls with a stale token.
Refresh the JWT used for HTTP authentication to Bot APi v3 by making a PUT request to
The call returns a new token with a new expiration stamp (
expiresAtMillis). The token may be refreshed at any time prior to expiration. Once an old token is submitted for a refresh, it will remain valid for a grace period of 10 minutes. Once the 10-minute window passes, only the new token returned by the call will be valid.