Registered email Rest Api questions

I have a few questions that I am hoping you can help us with.

1. How long is the Access Token valid for?
2. How long is the Refresh Token valid for?
3. Is the Rest API Access Token still valid if a company’s 6-digit auth code is changed or would the company need to go through the process of approving access via the two step Companies house process?
4. What is the purpose of the validate endpoint for the registered email address, the documentation doesn’t not explain this and the error page that is linked errors https://github.com/companieshouse/api-enumerations/blob/develop/errors.yml?

Also, there are a couple of things for a software provider that are not ideal, these are as follows.
• A way to be able to grant access to the API for a company using the 6-digit auth code via the API and not the two step on screen process
• There is no where to put a presenter code for each request, our clients would expect that they are logged as the presenters of the filling.
Are these things likely to be addressed soon?

The access token is valid for 1 hour (at least that’s what it is on the sandbox)

I am also wondering the answers to question 4 and you auth code question, hopefully someone will answer!

I agree the requirement for the user to manually type the 6-digit auth code is odd and not very user friendly. Our software stores the auth codes, encrypted, in our database. Our users are used to the auth codes being sent in the XML for any Companies House API calls. This new API will, I suspect, annoy them a lot! It would be way more convenient if the auth code could be in the posted JSON data