For developers, we’re continuing to refine how authentication tokens work, trying to maintain backward compatibility as much as possible. The scope and expiration for tokens will start to be enforced. Apps should always call /account/verify to refresh a token that might expire. See the updated docs.