Refresh Token
/v1/tokenRefresh an Access Token
Use this endpoint to exchange a refresh token for a new access token. You should do this when:
- The access token has expired (~30 days)
- The access token has been compromised and needs to be rotated
Avoid re-authenticating with your clientId and clientSecret on every request — refresh tokens exist to keep those credentials out of frequent network traffic.
A refresh token is returned alongside the access token when you first authenticate via Client Credentials or Authorization Code. Store both tokens securely.
Step 1: Get Your Client ID and Client Secret
Go to RM Merchant Portal > Developer > Application.
Your application's Client ID from the Merchant Portal.
Example: 3208919753194101125
Your application's Client Secret from the Merchant Portal.
Example: mglve4W3UhPSGOV7gnwoYKyvbRCe83zZ
Step 2: Base64-encode Your Credentials
Concatenate your clientId and clientSecret with a colon, then Base64-encode the result.
Before encoding:
3675930941412424316:wmn7FUauXHdkoYa9182kCMkjGnNJVgin
After Base64 encoding:
MzY3NTkzMDk0MTQxMjQyNDMxNjp3bW43RlVhdVhIZGtvWWE5MTgya0NNa2pHbk5KVmdpbg==
Step 3: Make the Request
Include the Base64-encoded credentials in the Authorization header, and pass the refresh token in the request body.
Headers:
Content-Type: application/jsonAuthorization: Basic MzY3NTkzMDk0MTQxMjQyNDMxNjp3bW43RlVhdVhIZGtvWWE5MTgya0NNa2pHbk5KVmdpbg==
Body:
Must be set to "refresh_token".
Example: "refresh_token"
The refresh token returned when you last authenticated.
Example: "OgoHjoZy..."
Response Parameters
New Bearer token to use in subsequent API requests.
Example: eyJhbGci...
Token scheme. Always "Bearer".
Example: "Bearer"
New access token lifetime in seconds. 2,591,999 seconds ≈ 30 days.
Example: 2591999
A new refresh token. Replace your stored refresh token with this value.
Example: XtBwKrib...
New refresh token lifetime in seconds. Store this value to know when you need to re-authenticate from scratch.
Example: 1576799999