The expiry is in seconds. So for Implicit OAuth tokens and App tokens the expiration is about 60 days (+/- a few days). For tokens from the Auth Code flow their expiration is about 4 hours, but can be refreshed so is not an issue.
Yes, you can use a token until it expires or is made invalid (such as the token being revoked, or the user disconnecting from your app if it’s a user token).