You can request a new Access Token using your Refresh Token.
Access Tokens are short lived to reduce the severity of a potential leak.
When you need to request a new Access Token you will make another POST request to our https://app.usecanopy.com/oauth2/token endpoint.
Refresh Tokens can only be used once. When you request a new Access Token you will also get a new Refresh Token to use for a future request. If you attempt to use a Refresh Token twice we will treat it as a potential security event and all tokens will be automatically invalidated. You will have to restart the OAuth 2.0 grant process for the user from the beginning.
You should reuse Access Tokens until close to their expiry date rather than continuously generating new ones with your Refresh Token. We will issue you a finite number of Access Tokens that are valid before we start to revoke older tokens.
Request Parameters
Your POST request body should be application/x-www-form-urlencoded encoded.
Parameter | Description | Type |
---|---|---|
client_id | The Client ID you were assigned when Creating Your App. | Required |
client_secret | The Client Secret you were assigned when Creating Your App. | Required |
grant_type | This must be set to refresh_token. | Required |
refresh_token | The most recently issued Refresh Token for your Access Token. | Required |
Response Parameters
Success
If the token request is successful the response body will contain a JSON object with the following properties:
Property | Description |
---|---|
access_token | The new Access Token you can use to authenticate when Making API Requests. |
expires_in | The number of seconds before the Access Token expires. |
refresh_token | A new Refresh Token you can use to request a new Access Token when it has expired. |
team_id | The ID of the Canopy Connect Team your App is authorized to make requests for. |
token_type | The Access Token type, which will always be bearer. |
The access_token and refresh_token values are encoded as JSON Web Tokens. You can decode them and check the exp value to get the precise time that they will expire.
Failure
If there is an issue with your token request we will return a 400 Bad Request response with a JSON object containing an error code and possible error_description value. This indicates a problem with your request which you will need to investigate before proceeding.
Your App should also handle 5xx error responses if there is an issue with our service at the time of your request. This indicates a temporary issue and your request can be retried.
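The following Python example is added here and is not Canopy Connect's own code: it reads exp from the Access Token so the token is reused until close to expiry, builds the refresh request described above, replaces the single-use Refresh Token on success, and treats 400 and 5xx responses differently. The post callable, the 60-second margin, the retry count and the sample_jwt helper are assumptions made for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode

TOKEN_URL = "https://app.usecanopy.com/oauth2/token"  # endpoint named on this page

def jwt_exp(token):
    """Read the exp claim (Unix seconds) from a JWT; the signature is not checked."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

def needs_refresh(access_token, now=None, skew=60):
    """True only when the token is within `skew` seconds of expiry (assumed margin)."""
    now = time.time() if now is None else now
    return jwt_exp(access_token) - now <= skew

def refresh(store, client_id, client_secret, post, retries=3, backoff=1.0):
    """Rotate the token pair in `store`. `post(url, body, headers)` is a
    caller-supplied HTTP function (hypothetical) returning (status, json_dict)."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "refresh_token",
        "refresh_token": store["refresh_token"],
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    for attempt in range(retries):
        status, data = post(TOKEN_URL, body, headers)
        if 200 <= status < 300:
            # Refresh Tokens are single use: replace both values together so
            # the spent Refresh Token can never be sent again.
            store.update(access_token=data["access_token"],
                         refresh_token=data["refresh_token"])
            return store
        if 500 <= status < 600:  # temporary service issue: retry
            time.sleep(backoff * 2 ** attempt)
            continue
        # 400 (or any other client error): do not retry, surface the error code
        raise RuntimeError(f"{data.get('error')}: {data.get('error_description')}")
    raise RuntimeError("token endpoint still failing after retries")

def sample_jwt(exp):
    """Constructed, unsigned token for the demo only."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none'})}.{seg({'exp': exp})}.sig"
```

Persist the updated store durably before using the new Access Token, so a crash cannot leave your App holding only the spent Refresh Token.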