Refreshing Access Tokens
This article describes the process of refreshing an expired access token.
The POST /v1/auth/token endpoint allows users to refresh their OAuth 2.0 access token using the refresh_token grant type. This method is used when the current access token expires, enabling users to obtain a new token without requiring authentication credentials again.
Token Refresh Using Refresh Token Grant Type
Request
Headers
| Name | Type | Required | Description |
|---|---|---|---|
partnerId | int32 | ✅ Yes | The partner ID required for authentication. |
grantType | string | ✅ Yes | Must be set to refresh_token. |
Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
refreshToken | string | ✅ Yes | The refresh token obtained during authentication. |
Example Request Body
{
"refreshToken": "dGhpcyBpcyBhIHJlZnJlc2hUb2tlbi..."
}
Response (200 OK)
| Name | Type | Description |
|---|---|---|
access_token | string | The newly generated OAuth 2.0 access token. |
refresh_token | string | A new refresh token (if applicable). |
expires_in | integer | Expiration time (in seconds) of the access token. |
token_type | string | Type of the token, typically Bearer. |
Example Response Body
{
"access_token": "eyJhbGciOiJIUzI1NiIsIn...",
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2h...",
"expires_in": 3600,
"token_type": "Bearer"
}
Error Responses
Expired or Invalid Refresh Token
If an invalid or expired refresh token is used:
{
"error": "invalid_grant",
"error_description": "Refresh token has expired or is invalid."
}
Missing Refresh Token
If the request does not contain a valid refresh token:
{
"error": "invalid_request",
"error_description": "Missing refresh token."
}
The accesstoken is valid for 24 hours, after which it must be refreshed.
Updated about 1 month ago