Personal Access Token getting updated

We create IOT devices that are using HTTPS to download content from a common repository.
We added the Personal Access Token (with “no expiration”) and used it successfully to download the content. We also were able to update the repository content and the IOT devices kept connecting successfully to retrieve the updates.
However, recently it seems that whenever we update the repository content, the Personal Access Token is getting invalidated (or is being updated). We then need to create a new token which prevents the devices in the field from re-connecting to the repository.
What is the right way to use the Access Token?