Skip to main content

Refresh token

Access tokens expire, but some grant types generate refresh tokens, which clients can use to obtain new access tokens without redirecting the user.

  1. The application initiates a token refresh by sending a POST request to the token endpoint to exchange the user's refresh token for an access token. This request must be authenticated (basic authentication) using the client ID and secret.

    Sample request:

        curl -X POST -u appdirect-49:9vY0s4yb2pbnP7Vz -H 'Content-Type: application/x-www-form-urlencoded' "" -d "grant_type=refresh_token&refresh_token=qsdfbasfsa1bjbfdjbfs&scope=ROLE_USER%20ROLE_BILLING_ADMIN"
    grant_typeMust be refresh_token, which indicates that this is the Refresh Token grant type.
    refresh_tokenThe user's refresh token.
    scopeA space-separated list of requested scopes.
  2. The access token is returned.

    Sample response:

    "access_token": "EgLvB5pQZMkWl6diDYfg",
    "token_type": "bearer",
    "expires_in": 43199,

Was this page helpful?