Issuing the refresh token

  • An Access Token is required for API calls.
  • However, the validity period of the Access Token is relatively short, so the refresh token can be used to have the Access Token reissued.
  • This guide is a development guide for reissuing the access token using the refresh token.

Reissuing the token (Issuing the refresh token)

  • The access token has a short validity period and can no longer be used once expired.
  • You can use the refresh token to reissue your access token.
    - The refresh token is valid for two weeks and can be exchanged for an access token until it expires.
    - The refresh token is reissued when it is exchanged for an access token, and the old refresh token can no longer be used.
  • - Request format and sample for code reissuance
Request format

POST /api/v2/oauth/token
Authorization: Basic {base64_encode({client_id}:{client_secret})}


Request sample

curl -X POST \
'https://{{mallid}}.cafe24api.com/api/v2/oauth/token' \
  -H 'Authorization: Basic S3hWd2RCTjdPVk5uQjNGMHM3UzFNRDpFaEZnM0xYak1KR21BZWV5MUliaXhI' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token' \
  -d 'refresh_token=JTb2dldHRTSDpCcklmcUVLb1Bx'

Request format and sample for code reissuance
Key | Description
grant_type | Fixed to the string value "refresh_token".
refresh_token | The refresh token received when issuing the access token.


  • - Response format and sample for token issuance
  •   The response contains the reissued access token, its expiration time, and a new refresh token that can be used to renew the access token.
Response sample

HTTP/1.1 200 OK
{
  "access_token": "HVBVuQgjIRUGHE5CBOiKRGC",
  "expires_at": "2018-01-08T19:15:21.981",
  "refresh_token": "euIChI80BQWWCJEiwTHWCrG",
  "client_id": "KxVwdBN7OVtnbS3F0s7S1MD",
  "mall_id": "{{mallid}}",
  "user_id": "{{mallid}}",
  "scopes": [
    "mall.read_product",
    "mall.read_store"
  ],
  "issued_at": "2018-01-08T17:15:22.083"
}

Response format and sample for token issuance
Key | Contents
access_token | Reissued access token
expires_at | Expiration date and time of the access token
refresh_token | Renewed refresh token, used to reissue the access token after it expires
client_id | Client ID
mall_id | Mall ID
user_id | User ID
scopes | List of scopes that have accepted permissions
issued_at | Date of issue


  • - Error Response format and sample
  •   Provides an error response to redirect_uri.
Error Response sample

HTTP/1.1 400 Bad Request

{
    "error":"invalid_grant",
    "error_description":"refresh_token is not valid."
}

Request format sample for code issuance
Key | Description
error | The error code value defined in section 5.2 of the OAuth 2.0 authorization framework.
error_description | A detailed description of the error.

Error format and sample for code issuance
Error code | What happens | How to fix errors
invalid_client | When requesting without client_id, client_secret values | Make sure you have entered the Authorization value in the header.
invalid_request | When requesting with a missing refresh token value | Check the missing values.
unsupported_grant_type | When the requested grant_type is missing or is not "refresh_token" | Make sure that "grant_type = refresh_token" is specified.
invalid_grant | When requesting with the wrong client_id and client_secret | Check the app information you created in the Developer Center.
invalid_grant | When requesting with a wrong or expired refresh token | Check if the refresh token value is old or expired. Proceed to the issuance of a new code referring to "code issuance."
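
The refresh exchange described in this guide, as an added Python example (not part of the original guide and not Cafe24's own code): it builds the request, stores the rotated token pair as soon as the response arrives, and turns invalid_grant into a signal to run code issuance again. The function names, the token file and the sample values are assumptions made for illustration, and sending the request is left to the caller's HTTP client.

```python
import base64, json, os, tempfile
from urllib.parse import urlencode

class ReauthorizationRequired(Exception):
    """invalid_grant: the stored credentials or refresh token no longer work."""

def build_refresh_request(mall_id, client_id, client_secret, refresh_token):
    """Return (url, headers, body) for POST /api/v2/oauth/token."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    url = f"https://{mall_id}.cafe24api.com/api/v2/oauth/token"
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token})
    return url, headers, body

def save_tokens(path, tokens):
    """Replace the token file atomically so a crash never leaves a half-written pair."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:  # mkstemp creates the file owner-only
        json.dump(tokens, fh)
    os.replace(tmp, path)

def handle_token_response(status, body, path):
    """Persist the rotated pair on 200; map the documented errors otherwise."""
    data = json.loads(body)
    if status == 200:
        tokens = {k: data[k] for k in ("access_token", "refresh_token", "expires_at")}
        save_tokens(path, tokens)  # the previous refresh token is unusable from here on
        return tokens
    if data.get("error") == "invalid_grant":
        raise ReauthorizationRequired(data.get("error_description", ""))
    raise RuntimeError(f"token endpoint error: {data.get('error')}")

if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    url, headers, body = build_refresh_request(
        "examplemall", "example-id", "example-secret", "old-refresh")
    print(url, body)
    ok = json.dumps({"access_token": "new-access", "refresh_token": "new-refresh",
                     "expires_at": "2018-01-08T19:15:21.981"})
    path = os.path.join(tempfile.mkdtemp(), "tokens.json")
    print(handle_token_response(200, ok, path)["refresh_token"])
```

Because the old refresh token stops working as soon as the exchange succeeds, only one worker should run the refresh for a given mall at a time.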