The Meta Ads access token expires every 60 days by default. This guide explains what it is, why it expires, how to renew it from the Graph API Explorer, and how to create a System User Token that never expires.
What it is, why it expires, how to renew it, and the only permanent solution for agencies and production integrations.
If you’ve ever connected a third-party tool to your Meta Ads account — a reporting app, an automation, a custom dashboard — there’s a good chance you’ve experienced this: everything works perfectly for two months, and then, without warning, it stops.
No error message you were expecting. No obvious change. Just a tool that was running smoothly on Monday and is returning an authentication error by Friday.
The cause is almost always the same. Your access token has expired.
This article explains exactly what a Meta Ads access token is, why it expires after 60 days, how to renew it when it does, and when it makes sense to set up a permanent token that never needs renewing again.
What is a Meta Ads access token?
When an external application wants to read or modify data in your Meta Ads account — campaigns, creatives, performance metrics — it needs to prove to Meta’s API that it has permission to do so. The access token is that credential: a long string of characters starting with EAAc... that acts as a temporary key to your advertising account.
Without a valid token, no call to the Meta Graph API can access your data. Think of it as a password for machine-to-machine communication — designed specifically for automated systems rather than human login sessions.
Every tool that connects to your Meta Ads account programmatically — whether it’s a reporting platform, a Make.com automation, or a custom integration — is using an access token behind the scenes. When that token expires, the connection breaks.
Why it expires after 60 days
Meta distinguishes between two types of token based on duration.
Short-lived tokens are generated by the Graph API Explorer by default. They last approximately one hour. They’re useful for one-off API calls and manual testing, but should never be used in production integrations.
Long-lived tokens are obtained by exchanging a short-lived token for an extended version through a specific API endpoint. They last approximately 60 days. These are the tokens most third-party tools and automations use in production.
The 60-day expiration exists for security reasons. A token that never expired would represent a permanent risk if it were ever leaked or compromised. By forcing periodic renewal, Meta limits the window of exposure in the event that a token ends up in the wrong hands.
The practical problem is predictable. If you have an automation running every week using your access token, every 60 days that automation silently fails until you manually generate and update a new token. If you don’t have monitoring in place, you may not notice for days.
How to renew your token manually
The most direct way to generate a new long-lived token is through the Meta Graph API Explorer.
Open developers.facebook.com/tools/explorer. Select your app from the dropdown in the top right corner. Click Generate Access Token and select the permissions you need — for Meta Ads reporting, the standard permissions are ads_read and ads_management. Meta will ask you to confirm access to your ad account.
The token the Explorer generates is a short-lived token valid for one hour. To convert it into a long-lived token valid for 60 days, make one additional API call in this format:
Replace YOUR_APP_ID and YOUR_APP_SECRET with your app credentials from Meta for Developers, and YOUR_SHORT_LIVED_TOKEN with the token you just generated. The response will contain a new token that lasts approximately 60 days.
Copy that token and paste it wherever your integration expects it — your reporting tool, your Make.com scenario, your configuration sheet.
Set a calendar reminder for 50 days from now. When it fires, repeat the process.
The permanent solution: System User Token
If you manage client accounts, run production automations, or simply don’t want to repeat this process every two months, the correct solution is a System User Token.
Unlike user tokens, the System User Token is not tied to a personal account and has no expiration date. It is the standard for production integrations in professional environments and the approach Meta recommends for agencies and developers building on top of the platform.
To create one, you need administrator access to the Business Manager of the account in question. Here’s the process.
Open business.facebook.com and navigate to Business Settings. In the left menu, under Users, select System Users. Create a new system user — give it a descriptive name like reporting-integration or the name of the tool you’re connecting. Assign it the Employee role, which is sufficient for read-only ad data access.
With the user created, click Assign Assets and select the ad accounts you need access to. Assign the Analyze campaigns permission for read-only access, or Manage campaigns if the integration also needs to create or modify campaigns.
Finally, click Generate New Token. Select your app, enable the required permissions (ads_read, ads_management, business_management as needed), and generate the token.
That token does not expire. Configure it once and the integration runs indefinitely — or until you explicitly revoke access, delete the system user, or Meta changes its authentication policies (which would come with advance notice).
When to use each option
If you are testing a new integration or making a one-off API call, use the Graph API Explorer and a short-lived token. Nothing more is needed.
If you have an automation running weekly — a reporting system, a webhook feeding data to a spreadsheet, a tool generating automatic analysis — use a long-lived token renewed every 50 days while you validate that the integration works as expected.
If the integration is in production and needs to be reliable without manual maintenance, create a System User Token. It is the correct standard for any integration that should not depend on someone remembering to renew a credential every two months.
Why this matters for tools like Louvr Performance
Louvr Performance connects to the Meta Graph API every week to pull creative-level performance data from your ad account. The access token you configure in your account settings is what makes that automatic analysis possible.
With a standard long-lived token, the system works reliably for 60 days. When the token expires, the weekly analysis stops running until you renew it. We send an email reminder before expiry, but the interruption is real if it’s missed.
With a System User Token, the integration runs indefinitely without any intervention. For users who have set up a system user in their Meta Business Manager, connecting Louvr Performance becomes a one-time configuration — set it up once and your Monday brief arrives every week without a 60-day maintenance cycle.
If your Business Manager has system user permissions enabled, we recommend using that approach. If not, a long-lived token renewed every 50 days is the practical alternative.
Summary
The Meta Ads access token is the credential that allows external applications to access your ad account through the API. Standard long-lived tokens expire after 60 days and require manual renewal. The System User Token in Meta Business Manager has no expiration date and is the correct standard for production integrations. Creating one requires administrator access to Business Manager. If a tool that connects to your Meta Ads account periodically stops working without an obvious reason, an expired token is the first place to look.
Louvr Performance · louvrlabs.com · Weekly AI-powered Meta Ads analysis for serious operators