Renew Access Token
The Refresh token flow is used to exchange a temporary grants of type refresh_token
for an Access Token when the current Access Tokenis close to expiry. The Access Token received through the endpoint is valid for 180 days, after which the entire authorization flow must be reconfigured.
Additionally, the flow allows you to continue using a valid Access Token with the same characteristics as the original token without the need for a new interaction with the user. By performing this flow, the original token is exchanged for a new one which also offers the ability to limit scopes by returning a new refresh token for future exchange.
Follow the steps below to renew the Access Token.
- Send the
refresh_token
code, your credentials, and theauthorization_code
(see Creation) to the /oauth/token endpoint with therefresh_token
code in thegrant_type
string to receive a new response with a newaccess_token
and a newrefresh_token
. - Update the application with the Access Token received in the response.
<?php
$client = new OauthClient();
$request = new OAuthRefreshRequest();
$request->client_secret = "CLIENT_SECRET";
$request->client_id = "CLIENT_ID";
$request->refresh_token = "REFRESH_TOKEN";
$client->refresh($request);
?>
OauthClient client = new OauthClient();
String refreshtoken = "TG-XXXXXXXX-241983636";
client.createCredential(refreshtoken, null);
const client = new MercadoPagoConfig({ accessToken: 'access_token', options: { timeout: 5000 } });
const oauth = new OAuth(client);
oauth.refresh({
'client_secret': 'your-client-secret',
'client_id': 'your-client-id',
'refresh_token': 'refresh-token'
}).then((result) => console.log(result))
.catch((error) => console.log(error));
curl -X POST \
'https://api.mercadopago.com/oauth/token'\
-H 'Content-Type: application/json' \
-d '{
"client_id": "client_id",
"client_secret": "client_secret",
"grant_type": "refresh-token",
"refresh_token": "TG-XXXXXXXX-241983636",
}'