Token expiration
As a security best practice, our access tokens have a lifetime of 24 hours. After that time has elapsed, if you try to use the token to push a data packet, you will receive a 401 Unauthorized error.
You can verify the token expiration before making your request by checking the expires_at value in the decoded JWT (JSON Web Token).
We recommend decoding the token when you receive it and saving the expires_at value alongside your access and your refresh token.
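The check described above, as an added example that is not TARTLE's own code: it reads expires_at from the token payload when the token is received and decides whether to refresh before sending a request. It assumes expires_at is either Unix seconds or an ISO 8601 string; the function names, the 60-second margin and the sample token are illustrative.

```python
import base64
import json
import time
from datetime import datetime, timezone

REFRESH_MARGIN_SECONDS = 60  # assumed safety margin, not a value from the docs


def decode_jwt_payload(token):
    """Return the payload claims of a compact JWT.

    The signature is NOT verified: use the result only to schedule a refresh;
    the server remains the authority on whether the token is still valid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def expiry_epoch(claims):
    """Read expires_at (assumed: Unix seconds or ISO 8601) as Unix seconds."""
    value = claims["expires_at"]
    if isinstance(value, (int, float)):
        return float(value)
    parsed = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    return parsed.timestamp()


def needs_refresh(expires_at, now=None):
    """True once the token is expired or inside the refresh margin."""
    now = time.time() if now is None else now
    return now >= expires_at - REFRESH_MARGIN_SECONDS


def sample_token(expires_at):
    """Constructed token for demonstration; the signature part is a dummy."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "HS256", "typ": "JWT"}),
                     b64({"expires_at": expires_at}), "constructed-signature"])
```

Store the value returned by expiry_epoch next to the access and refresh tokens, and call needs_refresh before each request so the refresh happens before a 401 Unauthorized would.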
Refreshing the token
In order to refresh an access token, you need to make a request to the /oauth/token endpoint as you did before, but using the refresh_token grant type and the refresh token you saved originally.
Exchanging the authorization code for an access and refresh token pair
# Each variable is expanded inside double quotes so its value is never word-split by the shell.
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "refresh_token",
    "refresh_token": "'"$REFRESH_TOKEN"'",
    "client_secret": "'"$CLIENT_SECRET"'",
    "client_id": "'"$CLIENT_ID"'",
    "redirect_uri": "'"$REDIRECT_URI"'"
  }' \
  https://source.tartle.co/oauth/token
- Name: grant_type
  Type: string
  Description: This is a standard OAuth 2.0 parameter. Set it to refresh_token when refreshing the access token.
- Name: refresh_token
  Type: string
  Description: The refresh token you saved originally.
- Name: client_secret
  Type: string
  Description: The client secret you saved somewhere when you created the client. This was only available to you at the time of creation and should be stored securely. See our Security Guide for more information.
- Name: client_id
  Type: string
  Description: The client ID you received when you created the client. You can find it in your developer settings.
- Name: redirect_uri
  Type: string
  Description: The redirect URI you used when you created the client. You can find it in your developer settings.
You can find an example of refreshing a token in the TARTLE OAuth Test App.