...
The access token has a limited lifetime, once it expires it can no longer be used. You must then obtain a new access token from theĀ access tokens endpoint using the refresh_token grant type.
Refresh tokens are obtained from theĀ access tokens endpoint together with the access token. Refresh tokens are not used in the authorization header, they are only used to renew an active session using the refresh_token grant type with the access tokens endpoint.
Refresh tokens also have a limited lifetime, but they are much longer lived than access tokens. When you renew a session, you are given a new set of access token and refresh token. Once used, a refresh token is no longer usable.
...