The POST /v1/auth/token endpoint allows users to refresh their OAuth 2.0 access token using the refresh_token grant type. This method is used when the current access token expires, enabling users to obtain a new token without requiring authentication credentials again.

Token Refresh Using Refresh Token Grant Type

The refresh_token grant type allows users to request a new access token using a valid refresh token.

Request

Headers

Name	Type	Required	Description
`partnerId`	`int32`	✅ Yes	The partner ID required for authentication.
`grantType`	`string`	✅ Yes	Must be set to `refresh_token`.

Body Parameters

Name	Type	Required	Description
`refreshToken`	`string`	✅ Yes	The refresh token obtained during authentication.

Example Request Body

{
  "refreshToken": "dGhpcyBpcyBhIHJlZnJlc2hUb2tlbi..."
}

Response (200 OK)

Name	Type	Description
`access_token`	`string`	The newly generated OAuth 2.0 access token.
`refresh_token`	`string`	A new refresh token (if applicable).
`expires_in`	`integer`	Expiration time (in seconds) of the access token.
`token_type`	`string`	Type of the token, typically `Bearer`.

Example Response Body

{
  "access_token": "eyJhbGciOiJIUzI1NiIsIn...",
  "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2h...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Error Responses

Expired or Invalid Refresh Token

If an invalid or expired refresh token is used:

{
  "error": "invalid_grant",
  "error_description": "Refresh token has expired or is invalid."
}

Missing Refresh Token

If the request does not contain a valid refresh token:

{
  "error": "invalid_request",
  "error_description": "Missing refresh token."
}

This document provides a complete reference for handling OAuth 2.0 token refresh using the /v1/auth/token endpoint with the refresh_token grant type.