Permanent or Long term “Access Token” is not encouraged nor recommended. This will cause security concerns whereby if the access token is stolen/obtained by others, this will cause the API access for the Organization being compromised. Tokens refresh (Expired time) will ensure the integrity for token and enhance the security for the API access. I will suggest you to further discuss with the third party partner to enable the mention security feature.
Again, if you insist to have longer timeout for the access token and understand the security concerns that had been discussed, please send your request to email@example.com with the follow subject line:
Apply a new OAuth Client ID for Access token last for XX days longs.