Skip to main content

Using an OAuth Refresh Token

Access Tokens retrieved via the User OAuth Flow expire after 1 year - to avoid having the user re-authenticate, the refresh token can be used to get a new access token. Refresh Tokens are returned as part of the requestAccessToken mutation.

To get a new access token from a request token, you use the requestAccessToken mutation with the REFRESH_TOKEN grant.

Example requestAccessToken request:

  requestAccessToken(
    input: {
      grant_type: REFRESH_TOKEN
      client_id: "YOUR_CLIENT_ID"
      client_secret: "YOUR_CLIENT_SECRET"
      refresh_token: "YOUR_REFRESH_TOKEN"
    }
  ) {
    access_token
    refresh_token
  }
}

You should save the new access_token and refresh_token for further use. Note that the previous access_token is revoked during this process, so the new one must be used from now on.