Thanks for your patience @NawazPasha, I wanted to wait for this announcement before explaining:
Back to your questions:
I understood from access token response that it is valid for 3600 seconds. Is there any way to customize the lifetime of access token?
No. Your client should use the refresh token when it needs to use APIs for longer than the access token lifetime.
And what is the validity of refresh token?
Previously forever. As of today and the above announcement, 30 days or 2592000 seconds. So, for 30 days, you can exchange the same refresh token for new 3600 sec access tokens. Each time you exchange the refresh token for an access token, you are also given a new refresh token with a refreshed lifetime of 30 days. That way you can keep the refresh token fresh.