Refresh token
How to execute the authorization flow and get your access token
Last updated
How to execute the authorization flow and get your access token
Last updated
The refresh_token grant type is used by clients to exchange a refresh token for an expired access token.
Sales channels can use this grant type to refresh a customer's access token with a "remember me" option. Webapps can use it to refresh the access token skipping the authorization code step.
If a scope (different from the default market:all) was included in the expired access token request, you must specify the same scope when using the refresh token.
To get an access token using the refresh_token grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.
POST https://auth.commercelayer.io/oauth/token
| Body parameter | Type | Required | Description |
|---|---|---|---|
The following request tries to exchange a valid refresh token for an expired access token of a sales channel:
The following request tries to exchange a valid refresh token for an expired access token of a webapp:
grant_type
String
Required
refresh_token
refresh_token
String
Required
A valid refresh_token.
client_id
String
Required
Your client ID (from you API credentials).
client_secret
String
Optional
Your client secret (required for confidential API credentials — i.e. in case of authorization code flow).
scope
String
Optional
Your access token scope (market, stock location). Required if the expired access token had a scope (must be the same).