Token expired — what it means
Last updated: May 19, 2026
Token expired — what it means
"Token expired" can mean 4 different things in Wevion. Identify which token, then follow the matching re-auth flow. The TOKEN_EXPIRING notification (PRD-21) tells you which type when it fires. Don't ignore expiring tokens — once fully expired, the integration stops syncing / publishing until you re-authorize.
Who is this for
Anyone who got a "token expired" error OR received a TOKEN_EXPIRING notification.
The 4 token types
Type 1: Wevion session JWT
What: short-lived JWT proving you're logged in to Wevion. Auto-refreshed every ~5 minutes via /api/v1/auth/token.
Why it might "expire":
Browser was offline for a long time
Network glitched during refresh
You logged out from another tab
Session deliberately invalidated by admin (e.g. forced logout)
Fix:
Refresh the page → triggers re-auth
If that fails: re-login (email + password)
For impersonation tokens: re-login as the original admin
This is the most common "token expired" you'll see. Usually resolves instantly with a page refresh.
Type 2: Ad platform OAuth token
What: long-lived OAuth token authorizing Wevion to call Meta / Google / TikTok / Taboola / Snapchat ad APIs on your behalf. Wevion stores access token + refresh token; refresh happens automatically when access token expires.
Why it might fully expire:
Refresh token revoked (you removed Wevion from your platform's connected apps)
Account-level permission change (you removed yourself from the ad account)
Platform-enforced expiry (annual re-auth required by some providers)
Account compromise → tokens auto-rotated
Notification: TOKEN_EXPIRING (see PRD-21 ntf-103). Fires when token is days/hours from full expiry.
Fix: re-authorize via /connect/{platform}:
Meta:
/connect/meta— see meta-101 connect Meta accountGoogle:
/connect/google— see gog-101 connect GoogleTikTok:
/connect/tiktok— see ttk-101Taboola:
/connect/taboola— see tbl-101Snapchat:
/connect/snapchat
The re-auth flow opens the platform's OAuth consent screen. Grant permissions again → Wevion gets fresh tokens.
Type 3: Stripe / HubSpot / Drive integration tokens
What: tokens for non-ad integrations.
Integration | Re-auth flow |
|---|---|
Stripe |
|
HubSpot |
|
Google Drive | Service Account (env-level — admin task; not user-facing token) — see ch-108 Drive settings |
Pylon (help center) | Admin token managed externally |
These typically require admin / owner role.
Type 4: Telegram bot link token
What: one-time token for linking your Telegram to Wevion.
Why it might expire: by design — link tokens are one-time, ~10 min TTL.
Fix: trigger a new link from Wevion UI (/settings → Notifications → Connect Telegram) — see ntf-104 Telegram connect.
This is NOT a recurring token. Once linked, the link persists until you unlink. Subsequent notifications use the bot infrastructure, not the link token.
Identifying which token
From the notification
TOKEN_EXPIRING notification body includes the platform / integration name. Read it carefully.
From the error message
Error contains | Probable token type |
|---|---|
"session expired" / "please log in" | Wevion JWT (type 1) |
"Meta" / "Facebook" / "ads_management" | Meta OAuth (type 2) |
"Google Ads" / "AdWords" | Google OAuth (type 2) |
"TikTok" / "tiktok-ads" | TikTok OAuth (type 2) |
"Stripe" | Stripe integration (type 3) |
"HubSpot" | HubSpot integration (type 3) |
"telegram" / "deep_link" | Telegram link token (type 4) |
From the cluster
If you're working in Ads Manager / Analytics / Campaign Creator when error appears → likely platform OAuth (type 2). If in /chat → likely Wevion session JWT (type 1). If in /settings/integrations → likely third-party integration (type 3).
Why tokens expire
Tokens have expiry as a security feature:
Limits damage if a token is stolen
Forces periodic re-authorization (user confirms continued access)
Enables revocation (platform can invalidate without notifying Wevion)
Wevion's auto-refresh handles most expiry transparently. Manual re-auth is needed only when refresh fails (revoked, permission change, account issue).
Don't ignore TOKEN_EXPIRING notifications
When you get the notification:
Re-authorize within the warning window (typically 7-14 days)
After full expiry: data syncs stop, publishing fails, rules can't act on affected platform
Recovery still possible via re-auth flow, but you lose the data that didn't sync during the gap
Some Wevion deployments auto-pause rules pointing to expired-token accounts to prevent action failures (auto_paused_at set on automation_rule table).
Multi-account scenarios
If you have multiple ad accounts (e.g. agency with 20 Meta accounts):
Token expiry is per-account
Re-auth per-account via
/connect/metamay need to be repeated for eachSome platforms allow batch re-auth via single OAuth grant
Verify each account's status in Wevion UI after re-auth.
Common questions
Why did my token expire when I haven't logged out?
Refresh failure (platform-side issue, network, permission change). Common after platform updates.
Can I extend token lifetime?
No — provider-controlled. Wevion automatically uses the longest-lived token type each provider offers.
Will I lose data if I don't re-auth promptly?
Sync data from period after expiry until re-auth is lost (provider doesn't backfill).
Do tokens differ between trial + paid?
No — same OAuth tokens. Lifetime determined by provider, not your subscription.
Common issues
Re-auth completes but error persists: cache issue — refresh Wevion page; if still: check ad account permission (you may have been removed)
Multiple expired tokens at once: platform-wide event (e.g. Meta forced re-auth). Re-auth each.
Auto-refresh seems to fail repeatedly: provider may have rate-limited Wevion; wait + retry
Notification for token expiring but I just re-authed: notification lag (sent before re-auth completed); check current status
Related
Connect Meta — Meta OAuth re-auth flow
Connect Google — Google OAuth re-auth
Connect Telegram — Telegram link