Tokens
Using Access Tokens
Authorization: OAuth <access token>
If the request yields an error response due to an expired token, the refresh token can be used to get a new access token. The session timeout value in Setup governs the expiration of access tokens. To change the timeout value, go to Setup, in the Quick Find box, enter Session Settings, and then select Session Settings.
If the request yields an error because an access token has been revoked, the client application must be re-authorized by the user in order to gain access.
Using Refresh Tokens
If the client application has a refresh token, it can use it to send a request for a new access token.
To ask for a new access token, the client application sends a POST request to https://login.instance_name/services/oauth2/token with the following query parameters.
Parameters | Description |
---|---|
grant_type | Value must be refresh_token for this flow. |
refresh_token | The refresh token the client application already received. |
client_id | Consumer key from the connected app definition. |
You can also include the following optional parameters.
Parameters | Description |
---|---|
client_secret | Consumer secret from the connected app definition. |
format | Expected return format. The default is json. Values are:
|
If this request is successful, the server returns a payload holding the access_token.
The following additional parameters are also returned, however, they aren't used with this flow and Connect REST API.
- instance_url
- id
- signature
- issued_at