Updating Access Token

Relevant Information

  • This process only applies to OAuth 2.0 and Developer Console Authorization Flows.
    • This does not apply for SOAP Authorization Flow because that flow doesn't return a refresh token required for this process.
  • Access tokens expire at one hour after originally requested.
  • Use a refresh token at any time to obtain a new access token via this process.
  • Even if offline access is requested again, a new refresh token will not be generated.

Resource URL / Endpoint

POST https://api.channeladvisor.com/oauth2/token

Required Parameters

PropertyRequiredInclude InNote
AuthorizationRequiredHeader

Row record that provides the combined Application ID and Shared Secret RFC2045-MIME encoded.

Value must be "Basic [Application ID:Shared Secret]"

The application ID and shared secret must be concatenated using a colon then RFC2045-MIME (base-64) encoded. For example, the application ID is 12345 and shared secret is abcde, they should be concatenated (12345:abcde) and then encoded (MTIzNDU6YWJjZGU=) so that the final Authorization header looks like:

Authorization: Basic MTIzNDU6YWJjZGU=
Application IDRequiredHeader

Value generated when creating new application in Developer Console.

Should be combined with Shared Secret and RFC2045-MIME encoded. Must be written as Application ID:Shared Secret - no spaces around colon for encoding.

Include in resulting encoded value in header.

Shared SecretRequiredHeader

Value generated when creating new application in Developer Console.

Should be combined with Shared Secret and RFC2045-MIME encoded. Must be written as Application ID:Shared Secret - no spaces around colon for encoding.

Include in resulting encoded value in header.

Content-TypeRequiredHeader

Defines the body type. Must be "application/x-www-form-urlencoded".

No other body types supported.

grant_typeRequiredBodyValue must be "refresh_token".
refresh_tokenRequiredBodyValue must be an active Refresh Token.
Refresh TokenRequiredBody

Value generated one time and delivered during initial authorization request.

Cannot recover lost/misplaced value - must reauthorize and generate a new refresh token.

 

(must be written as Application ID:Shared Secret - no spaces around colon)

Note: The application ID and shared secret are concatenated using a colon then RFC2045-MIME encoded.  See Authorization Code Flow (step 5 on the OAuth 2.0 page for additional details).

Request Format
POST https://api.channeladvisor.com/oauth2/token

Authorization: Basic [application id:shared secret]
Content-Type: application/x-www-form-urlencoded
Body: grant_type = refresh_token &
      refresh_token = [refresh token]
HTTP Example Request
POST /oauth2/token HTTP/1.1
Host: api.channeladvisor.com
Authorization: Basic MTIzNDU6YWJjZGU=
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=refresh_token&refresh_token=acCD58Efghijk1L7mn-OPq0rTqOb5oRsTUvwxyZabcD
Example Response
{
  "access_token": [access token], 
  "token_type": "bearer", 
  "expires_in": 3600
}

 

Code samples provided here are generated by clients and their developers. ChannelAdvisor cannot provide code for API development purposes.

The API documentation is meant to represent the final format to be delivered to the API.

To see other developer's code to execute requests, post a question or request on the ChannelAdvisor Google Forum.