Skip to content

Refresh Access Token


POST /oauth/token

When a user access token expires, if a refresh token was issued with the original auth response, this token can be used to generate a new access token without requiring the end user to authenticate manually.

In order to succeed, this request requires the same client Id and secret that was used to grant the refresh token.


Because any existing access token has typically expired, an Authorization header should not be provided in this request.

Data Parameters

Key Value Description
grant_type refresh_token REQUIRED
refresh_token String REQUIRED the refresh token from the original auth response
client_id String REQUIRED The client ID as provided by huggg
client_secret String REQUIRED The client secret as provided by huggg


HTTP POST /oauth/token
Content-Type: application/json

    "grant_type": "refresh_token",
    "refresh_token": "abc123",
    "client_id": "abc",
    "client_secret": "xyz"



HTTP/1.1 200 OK

    "token_type" : "Bearer",
    "expires_in" : 3600,
    "access_token" : "nRC9jT/Q5E+SkeF4RqmJ6A==",
    "refresh_token" : "9s64sIpOsE20sJQQKIEVfw=="

This request will fail if the client details do not match those used in the original access token request.

HTTP/1.1 401 Unauthorized

    "error": "Authentication failed."