Tokens are used to authenticate your app and access protected endpoints. This guide explains how to use access tokens and refresh tokens.
Access Tokens
An access token is a string that is used to authenticate your app and access protected endpoints. It is a short-lived token.
To use the access token, you must include the following HTTP header in your API calls:
Parameter | Value |
---|---|
Authorization | Bearer <ACCESS_TOKEN> |
Note that the access token is valid for 1 hour (3600 seconds). After that time, the token expires and you need to request a new one.
Refresh Tokens
A refresh token is a long-lived token that can be used to obtain a new access token without requiring the user to re-authorize your app. This is useful when the access token expires, allowing you to maintain access without user intervention. Refresh tokens are typically issued alongside access tokens during the authorization flow. When you exchange the authorization code for an access token, you will also receive a refresh token.
To obtain a new access token using a refresh token, send a POST request to the token endpoint with the following body parameters and headers:
Parameter | Value |
---|---|
grant_type | refresh_token |
refresh_token | A valid refresh token that you previously obtained. |
Header | Value |
---|---|
Content-Type | application/x-www-form-urlencoded |
Authorization | Basic <base64 encoded CLIENT_ID:CLIENT_SECRET> |
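The refresh request described above, assembled in Python as an added example (not code from this guide or its provider). The token endpoint URL is a placeholder because the guide does not state it, and the function names, the 60-second refresh margin and the sample credentials are assumptions made for illustration.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumption: placeholder URL; this guide does not give the token endpoint.
TOKEN_URL = "https://auth.example.com/oauth/token"
ACCESS_TOKEN_LIFETIME = 3600  # seconds, as stated in this guide


def build_refresh_request(client_id, client_secret, refresh_token,
                          token_url=TOKEN_URL):
    """Build (without sending) the POST that exchanges a refresh token."""
    # Authorization: Basic <base64 encoded CLIENT_ID:CLIENT_SECRET>
    creds = f"{client_id}:{client_secret}".encode("utf-8")
    basic = base64.b64encode(creds).decode("ascii")
    # urlencode escapes '+', '/' and '=' so an opaque token survives
    # application/x-www-form-urlencoded transport unchanged.
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}
    ).encode("ascii")
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": f"Basic {basic}",
        },
    )


def needs_refresh(issued_at, now=None, lifetime=ACCESS_TOKEN_LIFETIME, skew=60):
    """True once the access token is within `skew` seconds of expiry.

    `skew` is an assumed safety margin, not a value from this guide.
    """
    now = time.time() if now is None else now
    return now >= issued_at + lifetime - skew


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_refresh_request("my-client", "s3cr3t", "rt+abc/123==")
    print(req.get_method(), req.full_url)
    print(req.data.decode())  # never log the Authorization header itself
    # To send: urllib.request.urlopen(req, timeout=10), then parse the response.
```

Because the Authorization header carries the client secret, this request belongs on a server-side component over HTTPS rather than in code shipped to a browser or mobile client.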