Documentation Version
Winter '16 (API version 35.0)
  • Winter '16 (API version 35.0) 35.0
  • Summer '15 (API version 34.0) 34.0
  • Spring '15 (API version 33.0) 33.0
  • Winter '15 (API version 32.0) 32.0
  • Summer '14 (API version 31.0) 31.0
  • Spring '14 (API version 30.0) 30.0
  • Winter '14 (API version 29.0) 29.0
  • English

Using Tokens

As part of both authentication flows, you will be working with access tokens and refresh tokens.

Using Access Tokens

To make a successful Chatter REST API request, you must include a valid access token in the request. This can be done by using the HTTP Authorization header:
Authorization: OAuth <access token>

If the request yields an error response due to an expired token, the refresh token can be used to get a new access token.

If the request yields an error because an access token has been revoked, the client application must be re-authorized by the user in order to gain access.

Using Refresh Tokens

If the client application has a refresh token, it can use it to send a request for a new access token.

To ask for a new access token, the client application should send a POST request to https://login.instance_name/services/oauth2/token with the following query parameters:
Parameters Description
grant_type Value must be refresh_token for this flow.
refresh_token The refresh token the client application already received.
client_id Consumer key from the connected app definition.
You can also include the following optional parameters:
Parameters Description
client_secret Consumer secret from the connected app definition.
format Expected return format. The default is json. Values are:
  • urlencoded
  • json
  • xml

If this request is successful, the server returns a payload holding the access_token.

The following additional parameters are also returned, however, they aren't used with this flow and Chatter REST API:
  • instance_url
  • id
  • signature
  • issued_at