Refresh tokens



For authorization code grants only.

After the authorization code exchange, you can exchange a refresh token for an access token by issuing an HTTPS POST request to Optimizely's authorization server.

The examples below show a request and a successful response. If the user has revoked your access, you will receive an HTTP 400 response.


  • refresh_token: The refresh token returned from the authorization code exchange.
  • client_id: The client ID for your application (see app settings).
  • client_secret: The client secret for your application (see app settings).
  • grant_type: As defined in the OAuth 2.0 spec, this field must contain a value of refresh_token.

Example POST request


Example JSON response

  {
    "access_token": "abcdefghijklmnopqrstuvwxyz",
    "expires_in": 7200,
    "token_type": "bearer"
  }
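
An added example (not from the original page or from Optimizely): one way a client could build the refresh request from the four parameters above and handle the HTTP 400 case. The token URL is a placeholder, sending the parameters form-encoded in the body is an assumption, and the function and exception names are hypothetical.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Placeholder: the page does not give the authorization server's token URL.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"


class AccessRevoked(Exception):
    """HTTP 400 from the token endpoint, which the page ties to revoked access."""


def build_refresh_request(refresh_token, client_id, client_secret, token_url=TOKEN_URL):
    # Refuse non-HTTPS endpoints: the body carries client_secret and refresh_token.
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use HTTPS")
    body = urllib.parse.urlencode({
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "refresh_token",
    }).encode("ascii")
    # Assumption: form-encoded body (RFC 6749, section 6), keeping secrets out of URLs and logs.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=body, method="POST", headers=headers)


def parse_token_response(status, body, now=None):
    if status == 400:
        raise AccessRevoked("refresh rejected; send the user through authorization again")
    if status != 200:
        raise RuntimeError(f"unexpected token endpoint status {status}")
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("malformed token response")
    now = time.time() if now is None else now
    # Store an absolute expiry so callers can refresh before the token lapses.
    return {"access_token": data["access_token"], "expires_at": now + int(data["expires_in"])}


def refresh_access_token(refresh_token, client_id, client_secret):
    req = build_refresh_request(refresh_token, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx responses
        return parse_token_response(err.code, err.read())
```

On `AccessRevoked`, discard the stored refresh token and restart the authorization code flow rather than retrying the refresh.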