When performing your initial request you can supply the offline_access scope and then the response will include an additional refresh_token field.

These refresh tokens have a much longer expiry than standard access tokens. They cannot be used for API requests and can only be used to generate new access tokens. Generating access tokens in this manner does not require interactive user access.

URL:  https://app.nationalcrimecheck.com.au/oauth2/token 

Method: POST

Request fields include:

• client_id
• client_secret
• grant_type -- must be "refresh_token"
• refresh_token

Each request to the refresh token will extend the expiry time of the refresh token.

Response fields are the same as the initial access token request. If the refresh_token field is returned then your stored refresh token should be updated to the new token.