Refreshing Access Tokens
This article describes the process of refreshing an expired access_token
using a valid refresh_token
. This ensures that users can continue using the system without re-entering their credentials. The access_token
is valid for 24 hours, after which it must be refreshed.
The POST /v1/auth/token endpoint allows users to refresh their OAuth 2.0 access token using the refresh_token
grant type. This method is used when the current access token expires, enabling users to obtain a new token without requiring authentication credentials again.
Token Refresh Using Refresh Token Grant Type
The refresh_token grant type allows users to request a new access token using a valid refresh token.
Request
Headers
Name | Type | Required | Description |
---|---|---|---|
partnerId | int32 | ✅ Yes | The partner ID required for authentication. |
grantType | string | ✅ Yes | Must be set to refresh_token . |
Body Parameters
Name | Type | Required | Description |
---|---|---|---|
refreshToken | string | ✅ Yes | The refresh token obtained during authentication. |
Example Request Body
{
"refreshToken": "dGhpcyBpcyBhIHJlZnJlc2hUb2tlbi..."
}
Response (200 OK)
Name | Type | Description |
---|---|---|
access_token | string | The newly generated OAuth 2.0 access token. |
refresh_token | string | A new refresh token (if applicable). |
expires_in | integer | Expiration time (in seconds) of the access token. |
token_type | string | Type of the token, typically Bearer . |
Example Response Body
{
"access_token": "eyJhbGciOiJIUzI1NiIsIn...",
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2h...",
"expires_in": 3600,
"token_type": "Bearer"
}
Error Responses
Expired or Invalid Refresh Token
If an invalid or expired refresh token is used:
{
"error": "invalid_grant",
"error_description": "Refresh token has expired or is invalid."
}
Missing Refresh Token
If the request does not contain a valid refresh token:
{
"error": "invalid_request",
"error_description": "Missing refresh token."
}
This document provides a complete reference for handling OAuth 2.0 token refresh using the /v1/auth/token endpoint with the refresh_token
grant type.
Updated about 2 months ago