circle-check
Introducing our brand new event Stream Hub —
Read the docschevron-right
search
Changelog

Refresh token

How to execute the authorization flow and get your access token

The refresh_token grant type is used by clients to exchange a refresh token for an expired access token.

Sales channels can use this grant type to refresh a customer's access token with a "remember me" option. Webapps can use it to refresh the access token skipping the authorization code step.

circle-exclamation

If a scope (different from the default market:all) was included in the expired access token request, you must specify the same scope when using the refresh token.

hashtag
Getting an access token

To get an access token using the refresh_token grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.

hashtag
Request

POST https://auth.commercelayer.io/oauth/token

hashtag
Arguments

Body parameter
Type
Required
Description

grant_type

String

Required

refresh_token

refresh_token

String

Required

A valid refresh_token.

client_id

String

Required

Your client ID (from you API credentials).

client_secret

String

Optional

Your client secret (required for confidential API credentials — i.e. in case of authorization code flow).

scope

String

Optional

Your access token scope (market, stock location). Required if the expired access token had a scope (must be the same).

hashtag
Examples

hashtag
Sales channel with password flow

The following request tries to exchange a valid refresh token for an expired access token of a sales channel:

hashtag
Webapp with authorization code flow

The following request tries to exchange a valid refresh token for an expired access token of a webapp:

PreviousAuthorization codeNextJWT bearer

Last updated