Once the access_token has expired, the client software should use the refresh_token to obtain a new access token. To do so, the client software sends the "Access Token Request" to the system and sends the following information: grant_type, refresh_token, client_id, and client_secret.
POST {RMUrl}/APIIntegration/Token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: modulo.com
client_id=02f2faa7ef4143a4a20a45234b531fac&client_secret=7f3da9f354b64b8793a3269c57f2c784&grant_type=refresh_token&refresh_token=626333EA48628394B1A496984A81335C2740106C
Once the "Access Token Request" is received, the system validates the information. For example: it verifies the existence of the client_id, whether or not the client_secret is associated with the correct client_id, and whether or not the refresh_token is valid.
If the system validates the information, it returns an "Access Token Response" to the client software with the following information: access_token, token_type, and expires_in. The system stores the access_token until its expiration date. The "Access Token Response" always includes the "HTTP Cache-Control" as "no-store".
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
{
"access_token": "8BAF43E5E9EED4A14E06AD75D9200193282B7528",
"token_type": "bearer",
"expires_in": 86400
}