Refresh tokens
Refresh tokens are credentials used to obtain access tokens. For more information see RFC 6749.
When you redeem an authorization code for an access token a refresh token is issued too. Refresh tokens are valid for 365 days by default, and access tokens 7 days, see Token Lifetime. After a refresh token expires the user needs to reauthorize the application, you can't refresh a refresh token.
Any time during the validity of the refresh token you can refresh your access token. The new access token will be valid 7 days from the time of issue.
Note that no new refresh token is issued for a new authorization request if there's already an existing active refresh token. Instead that refresh token will be returned and the original refresh token expiry won't be changed.
Step 1 - Getting an access and refresh token
Follow the Authorization Code Workflow to get an access and refresh token.
Step 2 - Refreshing an access token
Use the refresh token from step 1 to request a new access token by calling the get access token with your refresh token. The endpoint will return a new access token.
Reference documentation
Use grant_type=refresh_token
Sample Request
POST /oauth2/token HTTP/1.1
Host: api.yelp.com
Content-Type: application/x-www-form-urlencoded
client_id={client_id}&
client_secret={client_secret}&
grant_type=refresh_token&
refresh_token={refresh_token_code}
The authorization server responds with a new access token with HTTP status code 200 if the token has been refreshed successfully:
{
"access_token": "<128_character_long_string>",
"token_type": "Bearer",
"expires_in": 10000,
"expires_on": "2016-08-26T15:25:16+00:00",
}
Updated about 1 year ago