Refresh Tokens

Obtaining an access token via the OAuth 2.0 Authorization Code grant flow offers a refresh token. Whilst access tokens expire after just 1 hour, a refresh token expires after 60 days and may be used to obtain a fresh access token.

Using a refresh token

You may exchange a refresh_token for an access_token by making a POST request to the following URL

POST https://{account}

Replace {account} with the unique identifier for correct Evance Account. 

Your post request must include the following parameters in the body of the request:

grant_type  Must have a value of "refresh_token".
refresh_token  The refresh token previously issued to the client.
scope Optional. The requested scope must not include scopes additional to those in the original access_token token request.
client_id Your App's Client ID from your API Credentials.
client_secret Your App's secret key - equivalent to a password.

A successful request will receive a JSON response from the server similar to the following:

    "access_token": "43e213757dd5a224ace6ffc22b8c436219c5830b",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "59461d2abd392f2c6fd36de836f0660ac6214ee5"

Your new access token will expire after 1 hour and you will be issued with a new refresh token which replaces supersedes the refresh token used for this request.

COVID-19 NOTICE – Business as Usual
Evance continues to provide all services and support throughout this difficult period. See our full statement here