Step 5: Get new access token using refresh token



Authentication endpoints are not being deprecated. These endpoints remain the same and use v1 in the endpoint URLs, as documented.


Using an expiring access token and refresh token enhances your application's security. An access token expires in 1 hour and a refresh token expires in 60 days.

To use an expiring access token and refresh token, you must enable the user authorization token feature during app creation. If you enable the expire authorization token feature, when you exchange an authorization code with an access token, you also get a refresh token in the JSON response. Use the refresh token to get a new access token without repeatedly asking the user for authorization.

Get or use a refresh token using the following POST request:

Query Parameters

  • grant_type=refresh_token
  • client_id — The application’s client ID
  • client_secret — The application’s client secret. The client secret must be kept confidential.
  • refresh_token — Include the refresh token.



You'll receive a JSON response containing the new expiring access token and refresh token.

  "token_type": "bearer",
  "team_id": 3074457358607431473,
  "access_token": "eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_o-P91OccaII0A63CDSK--x21xiI",
  "refresh_token": "eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_-PIBKmE9rzQuL3bUeAvUEGFEhLk",
  "scope": "boards:write boards:read identity:read",
  "expires_in": 3599