Refresh before expiry: You can only refresh a token that has not yet expired. Once a token expires, you must go through the full OAuth flow again via
auth/getToken. Schedule this node to run every 50 days — well before the 60-day window closes.
When to Use
- Scheduled token maintenance: Run every 50 days on a cron schedule for every active Instagram account integration to prevent token expiry and maintain uninterrupted automation.
- Pre-operation token check: Before executing a critical workflow (e.g. publishing a time-sensitive post), refresh the token if it is within 10 days of expiry to avoid mid-workflow authentication failures.
- Multi-tenant token management: In a platform with many connected accounts, run a daily scheduled workflow that identifies tokens expiring within 15 days and refreshes them proactively.
- Post-incident recovery: After an infrastructure outage that prevented scheduled refresh, run an emergency refresh for all affected account tokens before resuming automated workflows.
- Token health monitoring: Include refresh in your weekly account health check workflow alongside verifying that workflows are executing successfully.
Configuration
Operation
| Field | Required | Description |
resource | Required | Must be auth. |
operation | Required | Must be refresh-token. |
longLivedToken | Required | The current valid long-lived access token to refresh. Retrieve from BizFirst Credentials Manager. |
Sample Configuration JSON
{
"resource": "auth",
"operation": "refresh-token",
"longLivedToken": "{{ $credential.instagram.accessToken }}"
}
Validation Errors
| Error | Cause |
longLivedToken is required | longLivedToken field is missing or empty. |
| Graph API error 190 | Token is expired, revoked, or invalid. Full re-authentication required. |
| Graph API error 463 | Token cannot be refreshed yet (minimum 24-hour interval between refreshes). |
Output
Success Port
| Field | Type | Description |
status | string | "success" |
accessToken | string | New long-lived access token with reset 60-day expiry. Update in BizFirst Credentials Manager immediately. |
tokenType | string | Token type — typically "bearer". |
expiresIn | number | Seconds until the new token expires (approx. 5,183,944 = 60 days). |
payload | string | Raw JSON response from the Graph API. |
Error Port
| Field | Type | Description |
status | string | "error" |
errorCode | string | Graph API error code. |
errorMessage | string | Error description. |
payload | string | Raw error response. |
Sample Output JSON
{
"status": "success",
"accessToken": "EAABsbCS4sZBwBOZBqkNEW...(refreshed long token)",
"tokenType": "bearer",
"expiresIn": 5183944,
"payload": "{\"access_token\":\"EAAB...\",\"token_type\":\"bearer\",\"expires_in\":5183944}"
}
Expression Reference
| Expression | Value |
{{ $output.instagram.accessToken }} | New token to store in Credentials Manager |
{{ $output.instagram.expiresIn }} | New expiry duration in seconds |
Node Policies & GuardRails
- Update stored token: The next node after a successful refresh must update the token in BizFirst Credentials Manager. If the refresh succeeds but the new token is not stored, the old token will expire and automation will fail.
- Schedule on 50-day cycle: Create a cron job set to run every 50 days per connected account. Do not rely on 60-day cycles — network delays, infrastructure issues, or bank holidays can cause the job to run slightly late.
- Expired token fallback: If this operation fails with error 190 (token expired), route to an error notification workflow that alerts the account owner to re-authenticate via the OAuth flow.
- 24-hour minimum interval: Instagram enforces a minimum 24-hour period between token refreshes. If you call this twice within 24 hours, the second call fails. Build idempotency into your refresh scheduler.
Examples
Scheduled 50-day refresh cron
{
"resource": "auth",
"operation": "refresh-token",
"longLivedToken": "{{ $credential.instagram.accessToken }}"
}
// On success: update Credentials Manager with new accessToken
// On error 190: trigger re-authentication notification to account owner
Pre-operation token freshness check
// Conditional: if token age > 50 days (calculated from stored creation timestamp)
{
"resource": "auth",
"operation": "refresh-token",
"longLivedToken": "{{ $credential.instagram.accessToken }}"
}
// Update stored token, then proceed with the actual Instagram operation
Before executing a high-priority scheduled campaign post, checks whether the token is more than 50 days old and refreshes it if needed, ensuring the subsequent publish operation succeeds.