Bearer token has expiry of 5 min and refresh token will be valid for 5 min . It will require regeneration once expired.
4.
Distribution Platform verifies the identity of each Oauth2.0 API request, and whether the call parameters are valid. After 3 consecutive incorrect attempts, the account will be locked. Invalid response