#
Using a refresh token to obtain an access token
Warning
These will be the only supported endpoints after June 1st 2025. If you are using the old/legacy endpoints, we strongly recommend that you integrate with the new endpoints described here as soon as possible.
#
Introduction
A refresh token is a credential used to obtain a new access token when the current one expires, without requiring the user to log in again.
Once the access token expires, the refresh token is sent to the authorization server to request a new access token. This process reduces the need for frequent re-authentication while maintaining secure access to resources.
#
Obtaining a refresh token
To obtain a new access_token
from a refresh_token
, the following URL should be used:
Request method: POST
Please note that a refresh token can only be used once.
When using a refresh token to get hold of an access token, a new refresh token will also be provided in the response.
Required parameters in application/x-www-form-urlencoded
:
Required headers (if not client_id
and client_secret
provided in the body):
Response Structure:
#
Example with header option
curl https://sso.pageroonline.com/oauth/v2/oauth-token \
-d grant_type=refresh_token \
-d refresh_token=_1XBPWQQ_e61b091b-9139-4268-a7c7-765d2d418d52 \
--user 'client-id:client-secret'
The response will contain a JSON body that looks like this:
{
"token_type": "bearer",
"access_token": "_0XBPWQQ_2a66dd33-e108-4dc3-b653-e71b9feae02e",
"refresh_token": "_1XBPWQQ_e61b091b-9139-4268-a7c7-765d2d418d52",
"scope": "",
"claims": "publicid",
"expires_in": 600
}
Important
The refresh token is issued with a rolling lifetime of three years, allowing it to generate new access tokens continuously within this period. After three years, user authentication will be required to obtain a new refresh token.