Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

The availability of features may depend on your plan type. Contact your Customer Success Manager if you have any questions.

Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideLegal TermsGitHubDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

Refresh tokens

Describes how to exchange a refresh token for an access token on Optimizely's authorization server.

📘

Note

For authorization code grants only.

After the authorization code exchange, you can exchange a refresh token for an access token by issuing an HTTPS POST request to Optimizely's authorization server.

The examples below show an example request and a successful response. In the event the user has revoked your access, you will receive an HTTP 400 response.

Definitions

  • refresh_token – The refresh token returned from the authorization code exchange.
  • client_id – The client ID for your application (see app settings).
  • client_secret – The client secret for your application (see app settings).
  • grant_type – As defined in the OAuth 2.0 spec, this field must contain a value of refresh_token.

Example POST request

POST https://app.optimizely.com/oauth2/token
  ?refresh_token=1234567890abcdefghijklmnopqrstuvwxyz
  &client_id=123
  &client_secret=iamverysecret
  &grant_type=refresh_token

Example JSON response

{
  "access_token": "abcdefghijklmnopqrstuvwxyz",
  "expires_in": 7200,
  "token_type": "bearer",
}