Hi there!
You are correct. The access token has changed a tiny bit. We’ve changed the first four bytes to contain some originating information. The length should remain the same, and all of the characters used should be url safe. I do apologise for the issues you are having.
The change recently modified the first four bytes of the token to include characters from the BASE64 alphabet as well as padding characters (one or more “=”). However, access tokens should always be treated as strings and used as a string identifier.
The access token response is
{
"access_token":"A5c=otnFZFEjr1zCsicMWpAA",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
"refresh_token_expires_in":777600
}
And the access token encoded in a JSON key-value pair. Ideally, with whatever implementation of a JSON parser you are using, you just look up the key “access_token” and accept and store the value of that key. I hope that helps.
Cheers
Phil Muldoon
Senior Engineer, API/Core Services