Refresh Token

Use the refresh token to exchange the existing Customer Access Token for a new one.

Request Method: POST

Request Host: shop host (e.g. https://{{handle}}.shoplineapp.com)

Request Endpoint: /oauth/token

Request Body:

| Name | Type | Example |
| --- | --- | --- |
| refresh_token | String | <refresh token retrieved from /oauth/token> |
| grant_type | String | refresh_token |
| redirect_uri | String | <same redirect_uri as /oauth/authorize> |
| client_id | String | <client id from Open API oauth application> |
| client_secret | String | <client secret from Open API oauth application> |

Request URL example:

POST {{shop_host}}/oauth/token

Example Responses (status code, description, and example response body):

200 OK

The request was successful; the access_token and refresh_token are returned as the customer access token and customer refresh token.

{
    "access_token": "xxx",
    "token_type": "Bearer",
    "expires_in": 15778476,
    "refresh_token": "xxx",
    "scope": "shop",
    "created_at": 1742791521,
    "merchant": {
        "_id": "6270afa09ece2a273289d796",
        "email": "[email protected]",
        "handle": "mary581",
        "name": "Mary's Store"
    },
    "user": {
        "_id": "63292fb4cff523028659b38c",
        "email": "[email protected]",
        "locale_code": "en",
        "name": "Mary"
    }
}

400 Bad Request

Invalid or missing parameters, such as grant_type, refresh_token, redirect_uri, client_id, or client_secret.

{  
    "error": "invalid_grant",  
    "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."  
}

401 Unauthorized

Invalid client id or client secret.

{  
    "error": "invalid_client",  
    "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."  
}
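A server-side sketch of the refresh call and of handling the three documented responses, added here as an example and not taken from SHOPLINE's own code. It assumes the body is form-encoded and that `created_at` and `expires_in` are both in seconds; the function and exception names are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

class ReauthorizeRequired(Exception):
    """400 invalid_grant: refresh token unusable; send the user through /oauth/authorize."""

class ClientConfigError(Exception):
    """401 invalid_client: client_id/client_secret rejected; retrying will not help."""

def build_refresh_request(shop_host, refresh_token, redirect_uri, client_id, client_secret):
    if not shop_host.startswith("https://"):
        raise ValueError("shop host must use https")
    # All parameters travel in the POST body, never the query string, so the
    # client secret and refresh token stay out of URLs and access logs.
    # Assumption: form encoding; urllib sets the matching Content-Type itself.
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "redirect_uri": redirect_uri,  # same value as used for /oauth/authorize
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(shop_host.rstrip("/") + "/oauth/token", data=body, method="POST")

def parse_token_response(status, raw_body):
    data = json.loads(raw_body)
    if status == 200:
        # Persist both tokens from the response, replacing the stored pair.
        # Assumption: created_at is a Unix timestamp and expires_in is seconds.
        return {
            "access_token": data["access_token"],
            "refresh_token": data["refresh_token"],
            "expires_at": data["created_at"] + data["expires_in"],
        }
    if status == 400:
        raise ReauthorizeRequired(data.get("error"))
    if status == 401:
        raise ClientConfigError(data.get("error"))
    raise RuntimeError(f"unexpected status {status}")

def refresh_customer_token(shop_host, refresh_token, redirect_uri, client_id, client_secret):
    req = build_refresh_request(shop_host, refresh_token, redirect_uri, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # 4xx responses arrive as HTTPError
        return parse_token_response(err.code, err.read())
```

Run this only on a backend that holds the client secret, and log the exception's error code rather than request or response bodies.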