Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Refresh Token

A refresh token allows for the continuation of a session beyond the lifetime of an access token. A refresh token can be used in a Refresh Token Grant to obtain new tokens.

Important

Each refresh token may be used only once. After a refresh token is used, it expires and cannot be used again. The Refresh Token Grant will issue a new refresh token in the response, which the client must use to obtain the next set of tokens.

A refresh token is longer-lived than the access token. A refresh token is typically valid for 7 days, whereas the access token is typically valid for 10 minutes.

Clients must not rely on the lifetime values above. These lifetimes are the defaults and may be changed on a per-client basis and at our discretion. The /token response includes the expires_in and refresh_token_expires_in fields, the lifetimes of the access and refresh tokens in seconds. Clients should use these fields at runtime to determine when to request new tokens.

The refresh token is considered opaque and its format may change without warning at our discretion.