
Refresh Token

Once an access token has expired, you can use your refresh token to get a new access token. Perform this exchange server to server: the request includes your client secret, which must be treated as a password and never exposed to clients.

Request

URL

/api/oauth2/token

Data

For the token exchange you will send the following fields.

| Name | Value |
| --- | --- |
| grant_type | refresh_token |
| refresh_token | The refresh_token value from the code exchange. |
| client_id | The same client_id value you sent in to the authorization step. |
| client_secret | This is your client secret that was generated when the client was configured. |

Response

| Name | Description |
| --- | --- |
| access_token | This token can be used to call any of our APIs that you have the right permissions and scopes to call. |
| expires_in | The number of seconds the access token is good for. |
| refresh_token | A refresh token that can be used for generating a new access token after the current one expires. This will be the same refresh token that was sent in unless you have enabled Refresh Token Rotation on your client. |
| token_type | Bearer |

Last updated 3 months ago

Documentation

OIDC Token

POST /api/oauth2/token

Body

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| client_id | string | Required | Your OAuth2 client id |
| client_secret | string | Required | Your OAuth2 client secret |
| code | string | Optional | The OAuth code used for retrieving a bearer token |
| grant_type | string | Required | Grant type |
| partner_session_id | string | Optional | Any session ids you want us to persist on the session |
| redirect_uri | string | Optional | The OAuth2 redirect URI |
| refresh_token | string | Optional | The OAuth refresh token. |

Responses

| Status | Description | Content type |
| --- | --- | --- |
| 200 | tokens | application/json |
| 400 | Bad request | application/json |
| 401 | Forbidden | application/json |
| 404 | Not Found | application/json |
| 429 | Rate Limited | application/json |
| 500 | Internal error | application/json |

Example request

POST /api/oauth2/token HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 120

client_id=text&client_secret=text&code=text&grant_type=text&partner_session_id=text&redirect_uri=text&refresh_token=text

Example response

{
  "access_token": "fiatz2H1kXuV59EdN_jeCA32qHuBOz...",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJFZERTQSIsIdsdjfbgksu...",
  "refresh_token": "firt6tsF90LTf8LYCYPtdh8q4qr3c...",
  "token_type": "Bearer"
}
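
The refresh exchange described on this page as server-side Python, added here as an example and not taken from the Fanatics documentation: it builds the form-encoded POST, validates the response fields, and reports whether the refresh token was rotated. `BASE_URL` (the page gives no host), the `session` dict, the 30-second `skew` and the injectable `send` callable are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth2/token"          # path from this page
BASE_URL = "https://id.example.invalid"   # placeholder: the page does not give the host


def build_refresh_request(base_url, client_id, client_secret, refresh_token):
    """Form-encoded POST carrying the four fields from the Data table."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,  # sent in the body, never in the URL
    }).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def apply_token_response(session, raw_json, now=None, skew=30):
    """Validate the response, update `session`, return True if the token rotated."""
    data = json.loads(raw_json)
    for field in ("access_token", "expires_in", "refresh_token", "token_type"):
        if field not in data:
            raise ValueError(f"token response missing {field}")
    if data["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # With rotation enabled the old refresh token is replaced by a new one.
    rotated = data["refresh_token"] != session.get("refresh_token")
    session["access_token"] = data["access_token"]
    # Refresh slightly early so an in-flight call never carries an expired token.
    session["expires_at"] = now + int(data["expires_in"]) - skew
    session["refresh_token"] = data["refresh_token"]
    return rotated


def refresh(session, client_id, client_secret, send):
    """`send` takes a Request and returns the response body as JSON text."""
    req = build_refresh_request(BASE_URL, client_id, client_secret,
                                session["refresh_token"])
    return apply_token_response(session, send(req))
```

In production `send` can be `lambda r: urllib.request.urlopen(r, timeout=10).read().decode()`. Persist the session whenever `refresh` returns True so a rotated refresh token is not lost.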