Refresh Token

Refresh Token

You can find expires_in and refresh_token in the payload when you receive access token from us.
expires_in means the token will expire after x seconds.

When the access token is close to expire time, you can use refresh_token to exchange for a new token.

The following example shows the idea:

Params you need to need

REFRESH_TOKEN: The refresh token you have
DEVELOPER_APP_CLIENT_ID: Your app client id
DEVELOPER_APP_CLIENT_SECRET: Your app secret
REDIRECT_URI: uri you set in App Keys page.

POST https://developers.shoplineapp.com/oauth/token?
  grant_type=refresh_token
  client_id=DEVELOPER_APP_CLIENT_ID&
  client_secret=DEVELOPER_APP_CLIENT_SECRET&
  refresh_token=REFRESH_TOKEN&
  redirect_uri=REDIRECT_URI

Paired Tokens

The refresh token always comes paired with an access token. When you receive an access token in a response, it will always be accompanied by a refresh token.

Expiration

The refresh token will expire within one day after the access token has expired. As such:

It is advised to refresh and exchange for a new access token before the access token expires.

This proactive approach ensures uninterrupted access and minimizes potential user authentication disruptions.

Storing Refresh Tokens

Applications are responsible for securely storing the refresh token received in each response. This stored token is crucial as it will be required in the next request to fetch a new access token when the current one nears expiration.

🚧

Important Note on Token Revoke

If for any reason the access token is revoked (i.e. merchant uninstalled the app), please be aware of the following consequence:

When an access token is revoked, the corresponding refresh token will also become invalid.

This means that once the access token is revoked, the system won't accept the associated refresh token to grant a new access token. Users (i.e. merchants) will have to reauthenticate to obtain new tokens.