Refresh token
How to execute the authorization flow and get your access token
The refresh_token grant type is used by clients to exchange a refresh token for an expired access token.
Sales channels can use this grant type to refresh a customer's access token with a "remember me" option. Webapps can use it to refresh the access token skipping the authorization code step.
If a scope (different from the default market:all) was included in the expired access token request, you must specify the same scope when using the refresh token.
Getting an access token
To get an access token using the refresh_token grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.
Request
POST https://auth.commercelayer.io/oauth/token
Arguments
grant_type
String
Required
refresh_token
refresh_token
String
Required
A valid refresh_token.
client_id
String
Required
Your client ID (from you API credentials).
client_secret
String
Optional
Your client secret (required for confidential API credentials — i.e. in case of authorization code flow).
scope
String
Optional
Your access token scope (market, stock location). Required if the expired access token had a scope (must be the same).
Examples
Sales channel with password flow
The following request tries to exchange a valid refresh token for an expired access token of a sales channel:
On success, the API responds with a 200 OK status code, returning the requested access token and customer info:
Webapp with authorization code flow
The following request tries to exchange a valid refresh token for an expired access token of a webapp:
On success, the API responds with a 200 OK status code, returning the requested access token and customer info:
Last updated