oAuth tokens are valid for a number of seconds as described by the validate endpoint when checking the token or when obtaining the token the expires_in is in the response.
So you should resuse a token if the token is still valid, instead of making a new token for reach request
No, because I don’t know what kind of token you want
Please refer to the documentation to determine which kind of token you need. It sounds like you need an App Access Token, but I don’t know what your application/website/tool does, as if your application/website/tool has a logged in user, you’d use the Users oAuth token rather than an App Access Token
Covers the token types, and it’s following section covers what the responses/types are
If you happen to just be using an application like Insomnia to get the results from the API, then the only update you need to make is most likely in your Authorization tab. You would need to specify OAuth2, the authorization URL seen in the screenshot below, and your client id. Insomnia, for example, then has a create/refresh token button which is then automatically sent with your API request.
Everything else can stay the same; include the client id in your header and the id in the query parameters.