# Refresh an Access Token

When your access token expires, you can use a refresh token to obtain a new access token without requiring the user to re-authenticate.

Complete details of the specification are available in [RFC 6749 section 6](https://www.rfc-editor.org/rfc/rfc6749#section-6).

Send the following parameters www-form-encoded in the request body to the token endpoint:

| Environment | Token Endpoint |
|  --- | --- |
| Production | https://auth.dailypay.com/oauth2/token |
| UAT | https://auth.uat.dailypay.com/oauth2/token |


The resulting access token can be used to make requests to the DailyPay REST API:

> The authorization code, access token, and refresh tokens can vary in size but will typically remain under 4096 bytes.