How to Obtain and Use Refresh Tokens
A valid access token is required to make a successful API call for GoTo products. Access tokens have a lifespan of 60 minutes. Getting a new access token requires a new login and new token request, or - more easily - a request that contains a refresh token. Refresh tokens are good for longer periods.
To use a refresh token, you send an API token request with a grant type of refresh_token with the refresh token value from the original token request. A sample request is shown below in cURL format.
NOTE: The refresh_token displayed in the examples on this page are truncated. The tokens are significantly larger.
curl --request POST 'https://authentication.logmeininc.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic YTIwfAKeNGYtODY4YS00MzM5LTkzNGYtNGRhMmQ3ODhkMGFhOjNuYU8xMElBMmFnY3ZHKzlJOVRHRVE9PQ==' \
-d 'grant_type=refresh_token&refresh_token=eyJraWQiOiJvYXV0aHYyLmxt999...'The Authorization header value is the same as the one you used to obtain the original token, namely the string of clientID:clientSecret base64 encoded. The refresh token is the value received in the results body when you received the original access token.
Response example
IMPORTANT: The access token value is truncated. It is a much larger value.
{
"access_token": "eyJraWQiOiJvYXV0aHYyLmxt666...",
"expires_in": 3600,
"scope": "users.v1.lines.read calls.v2.initiate",
"principal": "mahar.singh@company.com",
}
As you can see in the above example, there is no refresh_token field in the response body. But, if a new refresh token has been issued because the old one has expired, the response payload will look as below:
{
"access_token": "eyJraWQiOiJvYXV0aHYyLmxt666...",
"token_type": "Bearer",
"refresh_token": "eyJraWQiOiJvYXV0aHYyLmxt999...",
"expires_in": 3600,
"scope": "users.v1.lines.read calls.v2.initiate",
"principal": "mahar.singh@company.com"
}
Response data
The following is sample output.
| Parameter | Description |
|---|---|
| access_token | OAuth access token |
| refresh_token | OAuth refresh token (Only present when replacing previous refresh token) |
| principal | Who the token represents |
| scope | The allowed scope(s) for the issued token, separated by a whitespace |
| expires_in | The number of seconds until the access token expires |
This access token can now be used to authorize API requests by setting it in the Authorization header with the following format:
Authorization: Bearer {access_token}Example of use
Event 1: Generate an access token. The body of the response contains a new valid access token and a refresh token.
Event 2: At any time when you need access (within the next 30 days), send a grant type=refresh token request using the original refresh token to get a new access token. There will not be a refresh token included in the payload until Event 3.
Event 3: At some point within the next 30 days, the response body will contain a new refresh token, good for the next 30 days. Discard the original refresh token and store this new refresh token. Events 2 and 3 can be repeated.