Use the refresh token to get new tokens
When you obtain an access token, you will also get the refresh token if the client_secret
is passed in request.
Save your refresh token information in a secured place.
You will need the refresh token to get a new access token after the current one expires.
📘 Do these steps only when your access token expires.
- Select endpoint to request for refresh token.
Endpoint | Region |
---|---|
https://api.amazon.co.uk/auth/o2/token | Europe (EU) |
https://api.amazon.com/auth/o2/token | North America (NA) |
https://api.amazon.co.jp/auth/o2/token | Far East (FE) |
- In your POST request, include the parameters listed in the table.
Parameter | Description |
---|---|
grant_type |
The type of access grant requested. Must be refresh_token . |
refresh_token |
A long-lived token that can be exchanged for a new access token. |
client_id |
The client identifier of your Application. |
client_secret |
Optional. The secret value assigned to the client during registration. Don't use the client secret in a browser-based app because client secrets shouldn't be stored on web pages. If no client_secret is passed, the response returns no refresh token. |
- Do the POST request.
Sample CURL request using the NA endpoint:
curl -X POST --data \n
'grant_type=refresh_token
&refresh_token=$REFRESH_TOKEN
&client_id=$CLIENT_ID_FROM_PROFILE
&client_secret=$CLIENT_SECRET_FROM_PROFILE'
https://api.amazon.com/auth/o2/token'
Sample response:
HTTP/l.l 200 OK
Content-Type: application/json;charset UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"Atza|example-Dme37rR6CuUpSR",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"Atzr|example-tpJX2DeX"
}
- Proceed to Step 3. Construct URI and authorize request.
Last updated: Nov 21, 2024