I am using InfusionSoft's API to save the contents of a form that is filled out on a website. The API uses OAuth, and from what I can tell there isn't a way to have a life-long session.
The way the OAuth appears to work is that it is designed for a user to login if their session has expired, just like logging into a website. This obviously isn't suitable for an API, but I'm sure this isn't an unusual requirement.
I have an initial token, but after that expires, what then? The only thing I can think of is to have a cron job that runs hourly to refresh the access token (there is a 'refreshAccessToken' method).
You need to store both the Access Token (short term - it is live for 24 hours) and the Refresh Token (long term).
You will only need to call the refreshAccessToken method at the start of each session. That method will return both a new Access Token and a new Refresh Token.
Use the new Access Token for the current "session" when making API requests. The Access Token will be valid for 24 hours (this changes from time to time).
Store the new Refresh Token and use it again for your next session.