Community

Refreshing the access token

All access tokens have a brief usable lifetime (currently one hour), after which they expire. To continue accessing that user's data, the app should obtain a new access token using the refresh token that was issued alongside the previously issued access token. This refresh must be performed before the refresh token's expiration (currently 180 days). To refresh a token, make a POST request to https://api.lucid.co/oauth2/token with a Refresh Access Token body.

The response will match the format of the OAuth2 token response and contain another refresh token. This new refresh token can itself be refreshed, meaning that once a user authorizes a token with the offline_access scope, the application housing the tokens can access the user's authorized resources for an indefinite period of time. As refreshing a token does not require the user to open a browser, this indefinite access can be maintained completely programmatically (i.e. without further user intervention).

However, if it is not used, a refresh token will expire 180 days after it was created. If the refresh token expires in this way, the application will have to request access from the user again.

Refreshing a token invalidates the old access and refresh tokens. Be sure the app stores the new tokens returned in the response.

📘

Important

Be sure to request the offline_access scope if the app will want to be able to refresh tokens.

curl 'https://api.lucid.co/oauth2/token' \
     --request 'POST' \
     --header 'Content-Type: application/json' \
     --data-raw '{
         "refresh_token": "oauth2-Yzh4Y2Q3ZTVhY2FjYjkwOGJlZGNjNjU5NDM2NjgzZmUwMmNmMjkzM...",
         "client_id": "30VYbvlkqZv-SmJd7fTdpH9B9et2yqZA6Wvi5NY_",
         "client_secret": "D-SkY5dE9m7hQApMwc9DV0iCzSRVV62MnRvG6KKOZt4vNpcw8mTVxM8T9x7qpV72xLEiw",
         "grant_type": "refresh_token"
     }'

HTTP/1.1 200 OK
Content-Type: application/json

{
    "access_token": "oauth2-N2QyNWE3NmViMTg4NzAyMTM5ODYzNDAzZWE5NGVhNzQ0OGUzZTc2N...",
    "refresh_token": "oauth2-ZjU3OGVmMmVmZTEzMDI1OWU4M2M2MTI4ZjY2OWEwZDdhODE3NWVjZ...",
    "user_id": 1268,
    "client_id": "f90xoma5O5memgLzA_KWToMWiwBq8kHbYdhSQoxK",
    "expires_in": 3600,
    "expires": 1633107891024,
    "scopes":[
        "lucidchart.document.app",
        "offline_access"
    ],
    "token_type": "bearer"
}