How to refresh tokens used in API calls

Cluster information:

Kubernetes version: v1.18.12
Cloud being used: Google Cloud
Installation method:

I am very new to Kubernetes and need some help with using tokens used for the API calls. I need to use these APIs in a setup where gcloud, kubectl or proxy do not exist. Followed the example provided in the documentation:

It does work. I can move the 2 files (json and yaml), setup the env variables and run command ’ ```
curl -X GET $APISERVER/api --header “Authorization: Bearer $TOKEN” --insecure’ successfully (followed example: Access Clusters Using the Kubernetes API | Kubernetes).

But it appears that the TOKEN has an expiry time (not sure how long though). Because, when I run the same Curl commands sometime later (after few hours), it fails with a 403 error.

I need to run a kubectl command like ‘kubectl cluster-info’, which updates the access-token in the yaml file. Then I can use the new token in the Curl command. This production setup this will not work for me because that setup with not have gcloud or kubectl installed.

a. Is there a programmatic way to check if the token has expired before using it?
b. Is there a programmatic way to get a new token?
c. is the ‘expiry’ listed in yaml file UTC or local time?

I am using Java and any examples you can provide will be of great help.

Thank you