I’m shocked to find my expired token working. The web shows it as expired as it supposed to have been, which is right, but the API code should have failed but didn’t 
This is a security threat that needs to be fixed ASAP.
Hello @kartz
This should not be the scenario, but if this is, will fix this as soon as possible. We do monitor API errors happening because of expired token, so the scenario is definitely not true in all cases.
Can you DM your Client ID and the API endpoint you are able to access with expired token?