This page will help you get started with using Refresh Tokens
All access tokens granted will automatically expire after the timeframe specified when retrieving the token, so all developer code must cater for refreshing tokens. You do this by swapping a refresh token for a new access token.
If an access token has been granted, you can use the refresh token included when the original token was granted to automatically retrieve a new access token.
Response
The response to the refresh token request is the same as the response to the initial token grant:
| Parameter | Type | Description |
|---|---|---|
| access_token Always Present | String | The OAuth token to use for further API calls. |
| token_type Always Present | String | Type of access token. Will always be Bearer. |
| expires_in Always Present | Number | The number of seconds left that access_token is valid. |
| refresh_token Always Present | String | A long-lived token which can be used to obtain a new access token. |
| as:client_id Always Present | String | your client id. |
| .issued Always Present | Date | Date and time the access token was issued. |
| .expires Always Present | Date | Date and time the access token will expire. |
Important
Please note each refresh token can only be used once. Each response to refresh an access token request will return a refresh token that needs to be used next time.
Using Access tokens to make API calls
When making API calls with an OAuth access token, the token should be passed in as a bearer token in the Authorization header of an API request.
So for example, if your access token was JKTmODIzNTBhODQ1ZWU5ZDkz, the authorization header of your HTTPS requests would be Authorization: Bearer JKTmODIzNTBhODQ1ZWU5ZDkz.