Using an OAuth Refresh Token

Access Tokens retrieved via the User OAuth Flow expire after 1 year - to avoid having the user re-authenticate, the refresh token can be used to get a new access token. Refresh Tokens are returned as part of the requestAccessToken mutation.

To get a new access token from a request token, you use the requestAccessToken mutation with the REFRESH_TOKEN grant.

Example requestAccessToken request:

  requestAccessToken(
    input: {
      grant_type: REFRESH_TOKEN
      client_id: "92170a97-d773-44f3-bbd5-c825b27e7f5c"
      client_secret: "IBvjEqjk5jCdTEGtzccNXsVilYwAwkpemNSuLHhm",
      refresh_token:"def502005eb1323ba8d47e2c8390b01d5aa6ace1f363715f0fd62277067e0388b08a3939445af9f43b5fc1054c5a6f4a89dd01fbb3fb9b752e05aede42b02cdd8d2d809d25aec40405e1dca240bf0067e35e3a450ea33caad598e64801c4c50c215866968cc3801cd1c76a77b4b541d313d7e72edc177ad1e5c32f86e51b1219992237b91ff06f488d164cdfcf6933d9c9ef74c880d2662b8399443b619f27910b4a48ed114967e6c7cefc2ef33f323cd9d9708dffe5fe80976f5f19618a1d0053ce21dc20083370b66c1410fed638c2efba0d1f0dec5085fa42c4e00941c73f4c2c057850260ad94a3a7c52e9c95c1c572ecf3c70da1a6ffdaee05966f515a5db2c29a88536d3283a53bd2b31f9debeada36d9be96b84d73e23081327e7d886dba5f2269444b62127a9abefac2686592dae92c8900470470637321e7b750fd3686edadf73f6b578589404aa72d1e42e9f423fdd53b26ddb08545efac4e3b2ec3050d786d12d400890b19fca74a4b49519f968e676d69f33d673edc581b1f0b7d1b38061ab24f83825cd50f790b7d7cd0ca2285cc5a51e8cdb52df408d94599cec1c163c6c2b74477106760159a3b1d7d1c8e65bffb13fb4fdcd91aabc096ac342ed74384ac9211ac64af90b4352eb717021"
    }
  ) {
    access_token
    refresh_token
  }
}

You should save the new access_token and refresh_token for further use. Note that the previous access_token is revoked during this process, so the new one must be used from now on.