How to Obtain and Use Refresh Tokens
A valid access token is required to make a successful API call for GoTo products. Access tokens have a lifespan of 60 minutes. Getting a new access token requires a new login and new token request, or - more easily - a request that contains a refresh token. Refresh tokens are good for longer periods.
To use a refresh token, you send an API token request with a grant type of refresh_token with the refresh token value from the original token request. A sample request is shown below in cURL format.
NOTE: The refresh_token displayed in the examples on this page are truncated. The tokens are significantly larger.
curl --request POST 'https://authentication.logmeininc.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic YTIwfAKeNGYtODY4YS00MzM5LTkzNGYtNGRhMmQ3ODhkMGFhOjNuYU8xMElBMmFnY3ZHKzlJOVRHRVE9PQ==' \
-d 'grant_type=refresh_token&refresh_token=eyJraWQiOiJvYXV0aHYyLmxt999...'
The Authorization header value is the same as the one you used to obtain the original token, namely the string of clientID:clientSecret base64 encoded. The refresh token is the value received in the results body when you received the original access token.
Response example
IMPORTANT: The access token value is truncated. It is a much larger value.
{
"access_token": "eyJraWQiOiJvYXV0aHYyLmxt666...",
"expires_in": 3600,
"scope": "users.v1.lines.read calls.v2.initiate",
"principal": "mahar.singh@company.com",
}
As you can see in the above example, there is no refresh_token field in the response body. But, if a new refresh token has been issued because the old one has expired, the response payload will look as below:
{
"access_token": "eyJraWQiOiJvYXV0aHYyLmxt666...",
"token_type": "Bearer",
"refresh_token": "eyJraWQiOiJvYXV0aHYyLmxt999...",
"expires_in": 3600,
"scope": "users.v1.lines.read calls.v2.initiate",
"principal": "mahar.singh@company.com"
}
Response data
The following is sample output.
Parameter | Description |
---|---|
access_token | OAuth access token |
refresh_token | OAuth refresh token (Only present when replacing previous refresh token) |
principal | Who the token represents |
scope | The allowed scope(s) for the issued token, separated by a whitespace |
expires_in | The number of seconds until the access token expires |
This access token can now be used to authorize API requests by setting it in the Authorization header with the following format:
Authorization: Bearer {access_token}
Example of use
Event 1: Generate an access token. The body of the response contains a new valid access token and a refresh token.
Event 2: At any time when you need access (within the next 30 days), send a grant type=refresh token request using the original refresh token to get a new access token. There will not be a refresh token included in the payload until Event 3.
Event 3: At some point within the next 30 days, the response body will contain a new refresh token, good for the next 30 days. Discard the original refresh token and store this new refresh token. Events 2 and 3 can be repeated.
- How do I get started?
- How to create a developer account
- How to create an OAuth client
- How to obtain an OAuth access token
- How to obtain an OAuth access token (in Node.js)
- How to Obtain and Use Refresh Tokens
- Migrating to New Token Retrieval with authentication.logmeininc.com
- How to use GoToConnect API to fetch account users and lines
- How to create, update and delete account users via Admin API
- Call Events Screen Pop Tutorial
- Send SMS tutorial
- How to use Voice Admin APIs
- How to create a channel and receiving notifications from GoTo services
- How to subscribe to and get call events
- Fetching Call Events Reports
- Make and Receive Calls using the Devices and Calls API
- GoTo Connect APIs Host Migration
- GoToWebinar webhooks
- How to use GoToWebinar webhooks
- What API information is available for GoToMyPC?
- How to Setup an Integration with Central
- How to Setup an Integration with Rescue
- Rescue iOS and Andriod SDK
- Introduction
- Java SDK
- .NET SDK
- Direct login migration
- How to use Postman API collections
- How much do the GoTo APIs cost?
- How do I get support for the APIs?
- Rate Limiting