You should never have to refresh your API access token, as long as you keep it secure and private. It's best to protect it like it's a password.
To keep it safe, store it safely and don't share it. Don't put it in the JavaScript in your web pages, which everybody can read. Instead, do your calls to our API from your backend server(s).
Your API access token never expires, but if it's leaked or inadvertently shared, you can revoke and replace it in your account settings.