Newer Version Available
Tokens
As part of both authentication flows, you will be working with access tokens and refresh tokens.
Using Access Tokens
To make a successful Connect REST API request, you must include a valid access token in the
request. This can be done by using the HTTP Authorization
header:
If the request yields an error response due to an expired token, the refresh token can be used to get a new access token.
If the request yields an error because an access token has been revoked, the client application must be re-authorized by the user in order to gain access.
Using Refresh Tokens
If the client application has a refresh token, it can use it to send a request for a new access token.
To ask for a new access
token, the client application should send a POST request to https://login.instance_name/services/oauth2/token with the following query parameters:
| Parameters | Description |
|---|---|
| grant_type | Value must be refresh_token for this flow. |
| refresh_token | The refresh token the client application already received. |
| client_id | Consumer key from the connected app definition. |
You can also include the following optional parameters:
| Parameters | Description |
|---|---|
| client_secret | Consumer secret from the connected app definition. |
| format | Expected return format. The default is json. Values are:
|
If this request is successful, the server returns a payload holding the access_token.
The following additional parameters are also returned, however, they aren't used with this flow
and Connect REST API:
- instance_url
- id
- signature
- issued_at