Refresh Access Token API

Refresh Access Token API Address

If you are not using PLAINTEXT signature method, please check the OAuth specification for details on how to calculate a signature. This document assumes familiarity with the OAuth specification and skims some OAuth details. This API will be used to refresh short lived Access Token using Access Session Handle (ASH).

Refresh Access Token API Input Parameters

Request Parameter Type and Length Description
oauth_consumer_key string (256 chars) The consumer key that will be validated.
oauth_token string (1024 chars) The old, expired access token.
oauth_signature_method string (32 chars) PLAINTEXT or HMAC-SHA1
oauth_signature string (120 chars) For the PLAINTEXT signature method, this is the consumer secret with an ampersand '&' concatenated to the end. (See note below on URL encoding the ampersand.) For the HMAC-SHA1 signature method, this is the actual signature.
oauth_session_handle string (1024 chars) The persistent credential received in previous call to get_token
oauth_timestamp string (40 chars) A Unix timestamp, expressed as "seconds from epoch." Note that if your system typically returns a timestamp as milliseconds from epoch, you should divide the number by 1000.
oauth_nonce string (256 chars) A random value
oauth_version string (20 chars) 1.0

Refresh Access Token API Response

The response is the same as the call to the initial get_token API.


In case of the PLAINTEXT signature method being used, the oauth_signature should be your consumer secret concatenated with '&' which will then be URL encoded. Hence, the oauth_signature sent in the wire should look like 'oauth_signature=5b39ec891e64d8dbbfab96dc137da73e%26'. Please check the OAuth specification for details.

Table of Contents