Refresh Token
You can refresh the existing Customer Access Token to a new one using the refresh token.
Request Method: POST
Request Host: shop host (e.g. https://{{handle}}.shoplineapp.com)
Request Endpoint: /oauth/token
Request Body:
| Name | Type | Example |
|---|---|---|
| refresh_token | String | <refresh token retrieved from /oauth/token> |
| grant_type | String | refresh_token |
| redirect_uri | String | <same redirect_uri as /oauth/authorize> |
| client_id | String | <client id from Open API oauth application> |
| client_secret | String | <client secret from Open API oauth application> |
Request URL example:
POST {{shop_host}}/oauth/token
Example Response:
| Status Code | Example Response Body |
|---|---|
| 200 OK | The request was successful, and the access_token, refresh_token is returned as customer access token and customer refresh token.{ "access_token": "xxx", "token_type": "Bearer", "expires_in": 15778476, "refresh_token": "xxx", "scope": "shop", "created_at": 1742791521, "merchant": { "\_id": "6270afa09ece2a273289d796", "email": "[email protected]", "handle": "mary581", "name": "Mary's Store" }, "user": { "\_id": "63292fb4cff523028659b38c", "email": "[email protected]", "locale_code": "en", "name": "Mary" } } |
| 400 Bad Request | Invalid or missing parameters, such as grant_type, refresh_token, redirect_uri, client_id, or client_secret.{ "error": "invalid_grant", "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." } |
| 401 Unauthorized | Invalid client id or client secret{ "error": "invalid_client", "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method." } |
Updated 19 days ago