Issuing the Refresh Token

  • An Access Token is required for API calls.
  • However, the validity period of the Access Token is relatively short, so the Refresh Token can be used to have the Access Token reissued.
  • This guide is a development guide for reissuing the Access Token using the Refresh Token.

Reissuing the token (Issuing the Refresh Token)

  • The Access Token has a short validity period and can no longer be used once expired.
  • You can use the Refresh Token to reissue your Access Token.
  •  
  •   - The Refresh Token is valid for two weeks and can be exchanged with an Access Token until it expires.
  •   - The Refresh Token is reissued when exchanging with an Access Token, and the old Refresh Token can no longer be used.
  •  
  •  
  • - Request format and sample for code reissuance
Request format

POST /api/v2/oauth/token
Authorization: Basic {base64_encode({client_id}:{client_Secret})}


Request sample

curl -X POST \
  'https://{{mallid}}.cafe24api.com/api/v2/oauth/token' \
  -H 'Authorization: Basic S3hWd2RCTjdPVk5uQjNGMHM3UzFNRDpFaEZnM0xYak1KR21BZWV5MUliaXhI' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token' \
  -d 'refresh_token=JTb2dldHRTSDpCcklmcUVLb1Bx'

Request format and sample for code reissuance
Key Description
grant_type Fixed to string value ‘Refresh Token.’
refresh_token The Refresh Token received when issuing the Access Token.


  • - Response format and sample for token issuance
  • Receive a new Refresh Token that can be used to renew the Access Token, its expiration time or the token itself.
Response sample

HTTP/1.1 200 OK
{
  "access_token": "HVBVuQgjIRUGHE5CBOiKRGC",
  "expires_at": "2018-01-08T19:15:21.981",
  "refresh_token": "euIChI80BQWWCJEiwTHWCrG",
  "client_id": "KxVwdBN7OVtnbS3F0s7S1MD",
  "mall_id": "{{mallid}}",
  "user_id": "{{mallid}}",
  "scopes": [
    "mall.read_product",
    "mall.read_store"
  ],
  "issued_at": "2018-01-08T17:15:22.083"

}

Response format and sample for token issuance
Key Contents
access_token Reissued Access Token
expires_at Expiration date and time of Access Token
refresh_token Used to reissue the renewed Refresh Token and the expired Access Token
client_id Client ID
mall_id Mall ID
user_id User ID
scopes List of scopes that have accepted permissions
issued_at Date of issue


  • - Error Response format and sample
  • Provides an error response to redirect_uri.
Error Response sample

HTTP/1.1 401 Unauthorized
{"error":"invalid_request","error_description":"code \uc720\ud6a8\uc131 \uc2e4\ud328"}

Request format sample for code issuance
Key Description
error The error code value defined in section 5.2 of the OAuth 2.0 authorization framework.
error_description A detailed description of the error.
Error format and sample for code issuance
Error code What happens How to fix errors
invalid_client When requesting without client_id, client_secret values Make sure you have entered the Authorization value in the header.
invalid_request When requesting with a missing Refresh Token value Check the missing values.
unsupported_grant_type When the requested grant_type is missing or not a ‘Refresh_Token’ Make sure that "grant_type = refresh_token" is specified.
invalid_grant When requesting with the wrong client_id and client_secret Check the app information you created in the Developer Center.
When requesting a wrong or expired Refresh Token Check if the Refresh Token value is old or expired.
Proceed to the issuance of a new code referring to "code issuance."