When your access token expires, you can use a refresh token to obtain a new access token without requiring the user to re-authenticate.
Complete details of the specification are available in RFC 6749 section 6.
Send the following parameters www-form-encoded in the request body to the token endpoint:
| Environment | Token Endpoint |
|---|---|
| Production | https://auth.dailypay.com/oauth2/token |
| UAT | https://auth.uat.dailypay.com/oauth2/token |
The OAuth2 grant type
A refresh token received from a previous token request
The client id of the application refreshing the token.
The client secret of the application refreshing the token, if available.
A space-separated list of scopes to request in the access token. If not provided, the scopes will default to those originally granted.
- Production environment
https://auth.dailypay.com/oauth2/token
- Development environment
https://auth.uat.dailypay.com/oauth2/token
- JavaScript
- Go
- C#
- Java
- Python
- Ruby
- cURL
const formData = {
grant_type: 'refresh_token',
refresh_token: 'rt.ML_PsNjfQA4M7iupH_3jw',
client_id: 'your_client_id',
client_secret: 'your_client_secret',
scope: 'user:read'
};
const resp = await fetch(
`https://auth.dailypay.com/oauth2/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams(formData).toString()
}
);
const data = await resp.text();
console.log(data);The resulting access token can be used to make requests to the DailyPay Public REST API:
{ "access_token": "dpo_38347Ae178B4a16C7e42F292c6912E7710c8", "refresh_token": "dpo_38347Ae178B4a16C7e42F292c6912E7710c9", "token_type": "bearer", "scope": "user:read_write", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.4FjJ3eZJYJj7J9Jf", "expires_in": 3600 }
The authorization code, access token, and refresh tokens can vary in size but will typically remain under 4096 bytes.