# Refresh an Access Token When your access token expires, you can use a refresh token to obtain a new access token without requiring the user to re-authenticate. Complete details of the specification are available in [RFC 6749 section 6](https://www.rfc-editor.org/rfc/rfc6749#section-6). Send the following parameters www-form-encoded in the request body to the token endpoint: | Environment | Token Endpoint | | --- | --- | | Production | https://auth.dailypay.com/oauth2/token | | UAT | https://auth.uat.dailypay.com/oauth2/token | ```json { "$ref": "#/components/schemas/RefreshTokenRequest", "components": { "schemas": { "RefreshTokenRequest": { "type": "object", "title": "Refresh token", "required": [ "grant_type", "refresh_token", "client_id" ], "properties": { "grant_type": { "type": "string", "description": "The OAuth2 grant type", "const": "refresh_token" }, "refresh_token": { "type": "string", "description": "A refresh token received from a previous token request", "example": "rt.ML_PsNjfQA4M7iupH_3jw" }, "client_id": { "description": "The client id of the application refreshing the token.", "type": "string", "example": "your_client_id" }, "client_secret": { "type": "string", "description": "The client secret of the application refreshing the token, if available.", "example": "your_client_secret" }, "scope": { "type": "string", "description": "A space-separated list of scopes to request in the access token. If not provided, the scopes will default to those originally granted.", "example": "user:read" } } } } } } ``` The resulting access token can be used to make requests to the DailyPay REST API: > The authorization code, access token, and refresh tokens can vary in size but will typically remain under 4096 bytes.