Use a Refresh Token to get a new Access Token

Before Getting Started

Use a Refresh Token

For the following, let's consider you've already generated an Access Token using the Authorization Code Grant Type or Password Grant Type. If your request was successful, you would have received the following details in your body response:

    {
        "access_token": "YOUR_ACCESS_TOKEN",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": null,
        "refresh_token": "YOUR_REFRESH_TOKEN"
    }

In the response above, your Access Token is provided in the access_token field. The expires_in field lets you know that your Access Token is good for 1 hour (3600 seconds = 60 minutes). The refresh_token field provides you with a Refresh Token value, this is what we're looking for. A Refresh Token is good for 1 week.

Using a Refresh Token, we can exchange our old Access Token and Refresh token for a new set without having to start over from scratch. Let's say you've been making API Requests for an hour and you receive that response no one likes seeing:

    {
        "success": false,
        "errors": "Invalid token"
    }

Your 60 minutes is up! It's time for a new Access Token. Instead of starting over from the beginning, you can send an API request to the Refresh Token URL to keep the train moving.


Let's Try: Generate an Authorization Code and Access Token Using Postman

Before we go too far, let's make sure Postman has everything it needs in a new Postman tab.

Postman Configuration

1. Open a new Postman tab and configure as follows

  • Request Method: POST
  • Request URL: https://data.emergencyreporting.com/refreshtoken/Token.php

Headers

KEY VALUE
Content-Type application/json
Ocp-Apim-Subscription-Key YOUR_PRODUCT_SUBSCRIPTION_PRIMARY_KEY
Postman Header Configuration

2. Tap/click the "Body" section, select "raw" and populate with the following

Body (raw)

    {
        "grant_type": "refresh_token",
        "client_id": "YOUR_CLIENT_ID",
        "client_secret": "YOUR_CLIENT_SECRET",
        "refresh_token": "YOUR_REFRESH_TOKEN"
    }

3. Tap/click "Send" to receive your new (second) Access Token and Refresh Token

    {
        "access_token": "YOUR_SECOND_ACCESS_TOKEN",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": null,
        "refresh_token": "YOUR_SECOND_REFRESH_TOKEN"
    }

4. Use YOUR_SECOND_ACCESS_TOKEN for additional API Requests for up to another hour

5. After almost another hour has passed and your new Access Token is about to expire (or has already expired), use YOUR_SECOND_REFRESH_TOKEN from your last API Authorization call to get a third (new) Access Token and Refresh Token pair

  • In the Postman Body (raw) "refresh_token" field, replace the existing value with the value from YOUR_SECOND_REFRESH_TOKEN to get the following:
    {
        "access_token": "YOUR_THIRD_ACCESS_TOKEN",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": null,
        "refresh_token": "YOUR_THIRD_REFRESH_TOKEN"
    }

Rinse, lather, repeat for all subsequent Authorization calls. If an Access Token is about to expire, use the previous refresh token to get a new Access Token and Refresh Token.


Back to Top