Skip to main content

Token Expiration

You should write your applications to anticipate the possibility that a granted token may no longer work. Access tokens are short-lived but they are issued with a single-use, long-lived refresh token that can be used to get new tokens. Applications can use the refresh token grant of the OAuth2 specification to obtain additional access tokens in order to prolong the application's access to a user's data.

info

Refresh tokens are not issued by Application-Only Flow. Tokens that your application obtains from the Application-Only Flow will not include a refresh token. Your application must authenticate to get new access tokens with this flow.

1. Obtain an access token​

Use the User-Login Authentication Flow to obtain an initial access token.

2. Use the refresh token to obtain a new access token​

The refresh token from the previous access token can be exchanged for new one.

Request​

curl -X POST "https://account.stubhub.com/oauth2/token"
-u "clientId:clientSecret" --basic
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=refresh_token"
-d "refresh_token=REFRESH_TOKEN"
--data-urlencode "scope=read:sellerlistings write:sellerlistings"

Headers​

NameValue
AuthorizationBasic {value from step 1}
Content-Typeapplication/x-www-form-urlencoded

Parameters​

NameTypeDescription
grant_typestringRequired. Value should be refresh_token
refresh_tokenstringThe refresh token received with a previous access token
scopestringSpace-delimited string of the scopes you would like

Response​

{
"access_token": "03807cb390319329bdf6c777d4dfae9c0d3b3c35",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "2YotnFZFEjr1zCsicMWpAA",
"scope": "read:sellerlistings write:sellerlistings"
}