diff --git a/assets/js/src/ajax.js b/assets/js/src/ajax.js
index 2947aacb1d..55681eefe5 100644
--- a/assets/js/src/ajax.js
+++ b/assets/js/src/ajax.js
@@ -15,6 +15,14 @@ function requestFailed(errorMessage, xhr) {
 };
 }
 
+// Renew MailPoet nonce via heartbeats to keep auth
+// for AJAX requests on long-open pages
+jQuery(document).on('heartbeat-tick.mailpoet-ajax', (event, data) => {
+ if (data.mailpoet_token) {
+ window.mailpoet_token = data.mailpoet_token;
+ }
+});
+
 MailPoet.Ajax = {
 version: 0.5,
 options: {},
diff --git a/lib/API/JSON/API.php b/lib/API/JSON/API.php
index ce00ac0639..cda8d69560 100644
--- a/lib/API/JSON/API.php
+++ b/lib/API/JSON/API.php
@@ -84,6 +84,12 @@ class API {
 'wp_ajax_nopriv_mailpoet',
 [$this, 'setupAjax']
 );
+
+ // nonce refreshing via heartbeats
+ WPFunctions::get()->addAction(
+ 'wp_refresh_nonces',
+ [$this, 'addTokenToHeartbeatResponse']
+ );
 }
 
 public function setupAjax() {
@@ -234,6 +240,11 @@ class API {
 );
 }
 
+ public function addTokenToHeartbeatResponse($response) {
+ $response['mailpoet_token'] = Security::generateToken();
+ return $response;
+ }
+
 public function addEndpointNamespace($namespace, $version) {
 if (!empty($this->endpointNamespaces[$version][$namespace])) return;
 $this->endpointNamespaces[$version][] = $namespace;
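Review bot: The comment on the new heartbeat handler in assets/js/src/ajax.js says the refresh is "to keep auth", but the value being replaced is a nonce, which in WordPress is an anti-CSRF token bound to the user's session rather than a credential; the login cookie still decides who the caller is. I would reword it to `// Refresh the MailPoet nonce (CSRF token) from heartbeat responses so AJAX calls on long-open pages keep passing the nonce check`. The handler also accepts any truthy value, so `if (typeof data.mailpoet_token === 'string' && data.mailpoet_token) {` would keep a malformed response from overwriting the token currently in `window.mailpoet_token`.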
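Review bot: `wp_refresh_nonces` is a filter in WordPress core, so its callback must return the response, yet the first hunk of lib/API/JSON/API.php registers it through `addAction`. That works only because actions and filters share one registry; `WPFunctions::get()->addFilter('wp_refresh_nonces', [$this, 'addTokenToHeartbeatResponse']);` (assuming the wrapper exposes `addFilter`) states the contract the callback has to honour. The enclosing method begins above the hunk, so where this registration sits relative to the other hooks is not fully visible here.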
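Review bot: `addTokenToHeartbeatResponse` in the second hunk of lib/API/JSON/API.php adds a fresh MailPoet token to every heartbeat nonce refresh, whichever admin screen triggered it, and carries no docblock saying so. Since the token only satisfies the nonce (CSRF) check, that is acceptable provided each endpoint keeps its own permission check, which is presumably the case but is not visible in this diff; a docblock such as `/** wp_refresh_nonces filter: adds a fresh MailPoet nonce to the heartbeat response; the nonce is not an authorization check. */` would record that. The method also writes into `$response` without confirming it is still an array after other filters ran; `if (!is_array($response)) return $response;` as its first line would cover that.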