Refresh token
How to execute the authorization flow and get your access token
The refresh_token grant type is used by clients to exchange a refresh token for a new access token when the previous one has expired.

Sales channels can use the refresh_token grant type to refresh a customer's access token with a "remember me" option. Webapps can use the refresh_token grant type to refresh the access token, skipping the authorization code step.

A refresh token can be revoked before its natural expiration date.

To get an access token using the refresh_token grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.

POST https://yourdomain.commercelayer.io/oauth/token

Body parameter | Type | Required | Description |
---|---|---|---|
grant_type | string | Required | refresh_token |
refresh_token | string | Required | A valid refresh_token. |
client_id | string | Required | Your application's client_id. |
client_secret | string | Optional |

Request without client_secret:

```shell
curl -g -X POST \
  'https://yourdomain.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "refresh_token",
  "refresh_token": "your-refresh-token",
  "client_id": "your-client-id"
}'
```

On success, the API responds with a 200 OK status code, returning the requested access token and customer info:

```json
{
  "access_token": "your-access-token",
  "token_type": "bearer",
  "expires_in": 7200,
  "refresh_token": "your-new-refresh-token",
  "scope": "market:1234",
  "created_at": 123456789,
  "owner_id": "zxcVBnMASd",
  "owner_type": "customer"
}
```

Request with client_secret:

```shell
curl -g -X POST \
  'https://yourdomain.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "refresh_token",
  "refresh_token": "your-refresh-token",
  "client_id": "your-client-id",
  "client_secret": "your-client-secret"
}'
```

On success, the API responds with a 200 OK status code, returning the requested access token and customer info:

```json
{
  "access_token": "your-access-token",
  "token_type": "bearer",
  "expires_in": 7200,
  "refresh_token": "your-new-refresh-token",
  "scope": "market:1234",
  "created_at": 123456789,
  "owner_id": "zxcVBnMASd",
  "owner_type": "customer"
}
```

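
The refresh step above, as an added Python example that is not part of the original page or Commerce Layer's own code: a session object that refreshes shortly before expiry and keeps the refresh_token returned in each reply for the next call. The TokenSession class, the injectable post transport and the 60-second skew are assumptions, as is reading created_at as Unix seconds.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://yourdomain.commercelayer.io/oauth/token"  # placeholder host from the page


def http_post_json(url, payload):
    """Default transport: POST a JSON body and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Accept": "application/json", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenSession:
    """Hypothetical helper: holds one token pair and refreshes it near expiry."""

    def __init__(self, client_id, token, client_secret=None, post=http_post_json, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.skew = post, skew
        self._store(token)

    def _store(self, token):
        # Reject replies that lack the fields shown in the page's sample response.
        missing = {"access_token", "refresh_token", "expires_in", "created_at"} - set(token)
        if missing:
            raise ValueError(f"token response missing {sorted(missing)}")
        self.token = token
        # Assumption: created_at is Unix seconds, expires_in a lifetime in seconds.
        self.expires_at = token["created_at"] + token["expires_in"]

    def refresh_body(self):
        body = {"grant_type": "refresh_token",
                "refresh_token": self.token["refresh_token"],
                "client_id": self.client_id}
        if self.client_secret:  # optional parameter, sent only when configured
            body["client_secret"] = self.client_secret
        return body

    def access_token(self, now=None):
        now = time.time() if now is None else now
        if now >= self.expires_at - self.skew:
            # The reply carries a new refresh_token; store it for the next refresh.
            self._store(self.post(TOKEN_URL, self.refresh_body()))
        return self.token["access_token"]
```

Passing a stub as post exercises the refresh logic without any network access.
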
To revoke a refresh token, send a POST request to the /oauth/revoke endpoint, passing the required parameters in the request body.

POST https://yourdomain.commercelayer.io/oauth/revoke

Body parameter | Type | Required | Description |
---|---|---|---|
client_id | string | Required | Your application's client_id. |
token | string | Required | A valid refresh_token. |

The following request revokes a refresh token before its natural expiration date:

```shell
curl -g -X POST \
  'https://yourdomain.commercelayer.io/oauth/revoke' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "client_id": "your-client-id",
  "token": "your-refresh-token"
}'
```

On success, the API responds with a 200 OK status code, returning an empty object.

Last modified 10mo ago