Since working with APIs is unpredictable by nature, in this case, something went wrong and the credentials in our system were not updated as expected.

This is expected, as a lot of processes can go wrong, from network issues to database issues and more.

This is the reason I think that cases like the one we are discussing are expected and we will face them again in the future. It is not anyone's fault, it is the nature of the process.

Because of this, I think if the refresh token could always stay the same, we would easily update the hosts credentials even if something went wrong, as we would only need to get it correctly the first time.