Refresh Token API - WhatsApp

This API is used to generate a refresh token to obtain a renewed access token using client ID.



You can use this API when the token generated using the Get Token API has expired. The expiry period of the token generated using this API is configurable by you (partner). The expiry period (in seconds) of the token is displayed in the expires_in parameter of the response.


Request parameters

StringThis parameter will contain the public Client ID.6f8bb4951e030d4d7349e64a144a53477 8673585f86039617c167166e9154f7e
StringThis parameter will contain the client secret.
StringThis parameter will contain the value as refresh_token.refresh_token
String Indicates the refresh token. This is the token that was generated using the Get Access Token - WhatsApp. 

Sample request

curl --location -g --request POST '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={{client_id}}' \
--data-urlencode 'client_secret={{client_secret}}' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token={{refresh_token}}'

Response parameters

access_tokenIndicates the Security Token used to get access in Partner/Payouts API calls.
token_typeType of authorization token
expire_inIndicates the TTL i.e., the time limit (in seconds) after which the Security Token will expire
refresh_tokenUsed to refresh the access_token. To know more, read Refresh Token section
scopeRepresents the allowed scopes in generated security token. For e.g., the generated token can be used only for Payouts API requests
created_atIndicates the Time of Creation in milliseconds
user_uuidIndicates the Unique Identifier for the user.

Sample response

Successful transaction


  "access_token": "8703474d8779483d9a298666faafa1ee5c1fc24c71dc1890dc7484e19cf27c9e",
  "token_type": "Bearer",
  "expires_in": 7199,
  "refresh_token": "249fbf69a7841aa28cc494984b45efcb22537c0cedbb672c6fa18ba8eb21d8ce",
  "scope": "hub_session",
  "created_at": 1553511296,
  "user_uuid": "11e7-a7f6-f0494f6c-bbb7-4a020b6b2b14"

Failure scenarios

401without grant Type{ "error": "invalid_request", "error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed." }
401without refresh token{ "error": "invalid_request", "error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed." }
401with invalid client{ "error": "invalid_client", "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method." }
401without client secret{ "access_token": "8703474d8779483d9a298666faafa1ee5c1fc24c71dc1890dc7484e19cf27c9e", "token_type": "Bearer", "expires_in": 7199, "refresh_token": "249fbf69a7841aa28cc494984b45efcb22537c0cedbb672c6fa18ba8eb21d8ce", "scope": "hub_session", "created_at": 1553511296, "user_uuid": "11e7-a7f6-f0494f6c-bbb7-4a020b6b2b14" }
401with invalid grant type{ "error": "unsupported_grant_type", "error_description": "The authorization grant type is not supported by the authorization server." }
401invalid refresh token{ "error": "invalid_grant", "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." }