Xero API Token Refresh Issues:
During the performance issues experienced between Sunday 11 March 23:30 (UTC) & Monday 12 March 00:40 (UTC) Xero API partners using the Partner App experienced issues with access token refresh requests.
Due to the performance issues, in many cases during a access token refresh request, a new token was generated, but not returned. This resulted in many partners receiving the following error responses with HTTP 401 response code.
oauthproblem=tokenrejected&oauthproblemadvice=Token THISISANCCESSTOKEN does not match an expected REQUEST token
oauthproblem=tokenrejected&oauthproblemadvice=The access token is not valid
To resolve this issue for partners, without requiring users to re-authenticate, Xero has implemented a “Token Amnesty”.
The token amnesty began at Monday 12 March 23:30 (UTC). An end date for the amnesty has not yet been set, but is estimated at 3 - 7 days.
During the Token Amnesty period, any access token refresh requests with an invalid access token, but a valid session handle, will respond with a valid access token.
A valid session handle is always required for access token refresh requests, so no changes are required from partners.
If you have Xero Orgs that were disconnected during this period, please retry the access token refresh request in order to receive a valid access token.
After the token amnesty period is complete, any disconnected Xero Orgs will require re-authentication in order to generate a valid access token.