Exchange a Refresh Token

  • Available in Sandbox
  • Available in Production
  • Available to Advisors
  • Supported

A member of the Tradier Brokerage team must approve your application for refresh tokens. This is only available to Tradier Partners. You can email techsupport@tradier.com to start the approval process.

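Refresh tokens can be exchanged for access tokens without a customer reauthorizing the application. These tokens should be protected like passwords: store them only in server-side secret storage and keep them out of source code, logs and client-side applications. You will obtain a refresh token in the same response as an access token.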

Unlike other requests to the Tradier API, this request only returns JSON due to the OAuth 2.0 specification and for compatibility with most OAuth clients.

As required by the OAuth specification, this API endpoint uses HTTP Basic Authentication. Your application consumer key serves as the username and your consumer secret as the password; the Authorization header value is the word Basic followed by the Base64 encoding of consumer_key:consumer_secret. You can learn more about HTTP Basic Authentication on Wikipedia or directly reference the specification.

Request

POST

Headers

Header Required Values/Example Default
Content-Type Required application/x-www-form-urlencoded
Authorization Required ANyuWJBNwcQwFZLAKSDJ7248ghX1LFy949v
HTTP Basic Authentication. Username: application consumer key (client ID); password: application consumer secret (client secret).

Parameters

Parameter Type Param Type Required Values/Example Default
grant_type Form String Required refresh_token
Value MUST be set to "refresh_token".
refresh_token Form String Required o0d897fusdnjfo28yoi2noi23098j
The refresh token to exchange.

Code Example

If you're developing in the sandbox, change the hostname to https://sandbox.tradier.com
# Exchange a refresh token for a new access token.
# This endpoint uses HTTP Basic Authentication, so <TOKEN> stands for the
# Basic credential of your application ("Basic " + base64 of
# "consumer_key:consumer_secret"); the refresh_token value is a sample.
# Both are secrets: keep real values out of shell history, committed
# scripts and logs.
curl --request POST \
     --header 'Authorization: <TOKEN>' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data 'grant_type=refresh_token&refresh_token=o0d897fusdnjfo28yoi2noi23098j' \
     "https://api.tradier.com/v1/oauth/refreshtoken"
// Version 1.8.0_31    
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

import java.io.IOException;

public class MainClass {
  /**
   * Posts a refresh-token grant to the Tradier OAuth endpoint and prints the
   * HTTP status code followed by the parsed JSON body.
   *
   * <p>The Authorization value and the refresh token below are placeholders.
   * This endpoint uses HTTP Basic Authentication, so the header carries the
   * application's consumer key and secret; load both secrets from protected
   * configuration rather than hard-coding them.
   *
   * @param args unused
   * @throws IOException if the request fails or the body cannot be read or parsed
   */
  public static void main(String[] args) throws IOException {
    final RequestBuilder builder =
        RequestBuilder.post("https://api.tradier.com/v1/oauth/refreshtoken");
    builder.addHeader("Authorization", "<TOKEN>");
    builder.addHeader("Accept", "application/json");
    // Form parameters of the refresh-token grant.
    builder.addParameter("grant_type", "refresh_token");
    builder.addParameter("refresh_token", "o0d897fusdnjfo28yoi2noi23098j");
    final HttpUriRequest tokenRequest = builder.build();

    // NOTE: the client is never closed; tolerable only because the program exits right after.
    final HttpResponse tokenResponse = HttpClientBuilder.create().build().execute(tokenRequest);
    final String rawBody = EntityUtils.toString(tokenResponse.getEntity());
    final JsonNode payload = new ObjectMapper().readTree(rawBody);
    final int statusCode = tokenResponse.getStatusLine().getStatusCode();

    System.out.println(statusCode);
    // The body contains the new access token; do not send this output to shared logs.
    System.out.println(payload);
  }
}
# Version 2.5.0p0    
require 'uri'
require 'net/http'

# Exchange a refresh token for a new access token and print the HTTP status
# code followed by the raw response body.
#
# '<TOKEN>' and the refresh_token value are placeholders. This endpoint uses
# HTTP Basic Authentication (consumer key as username, consumer secret as
# password); read both secrets from protected configuration, not from source.
endpoint = URI("https://api.tradier.com/v1/oauth/refreshtoken")

token_request = Net::HTTP::Post.new(endpoint)
{
  "Authorization" => '<TOKEN>',
  "Accept" => 'application/json',
  "Content-Type" => 'application/x-www-form-urlencoded'
}.each { |name, value| token_request[name] = value }
token_request.body = "grant_type=refresh_token&refresh_token=o0d897fusdnjfo28yoi2noi23098j"

# TLS is required: the request carries the client credentials and the refresh token.
client = Net::HTTP.new(endpoint.host, endpoint.port)
client.use_ssl = true

reply = client.request(token_request)
puts reply.code
# The body contains the new access token; keep this output out of shared logs.
puts reply.read_body
// Version go1.12      
package main

import (
    "fmt"
    "net/http"
    "net/url"
    "io/ioutil"
    "log"
    "strconv"
    "strings"
)

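// main exchanges a refresh token for a new access token and prints the HTTP
// status line followed by the raw response body.
//
// "<TOKEN>" and the refresh_token value are placeholders. This endpoint uses
// HTTP Basic Authentication (consumer key as username, consumer secret as
// password); load both secrets from protected configuration, not from source.
//
// Every error is checked: the original discarded the errors from URL parsing,
// request construction and client.Do, so a failed request dereferenced a nil
// response. The response body is now closed as well.
func main() {
    apiUrl := "https://api.tradier.com/v1/oauth/refreshtoken"
    data := url.Values{}
    data.Set("grant_type", "refresh_token")
    data.Set("refresh_token", "o0d897fusdnjfo28yoi2noi23098j")
    // Encode once so the body and the Content-Length header agree.
    body := data.Encode()

    u, err := url.ParseRequestURI(apiUrl)
    if err != nil {
        log.Fatal(err)
    }

    client := &http.Client{}
    r, err := http.NewRequest("POST", u.String(), strings.NewReader(body))
    if err != nil {
        log.Fatal(err)
    }
    r.Header.Add("Authorization", "<TOKEN>")
    r.Header.Add("Accept", "application/json")
    r.Header.Add("Content-Type", "application/x-www-form-urlencoded")
    r.Header.Add("Content-Length", strconv.Itoa(len(body)))

    resp, err := client.Do(r)
    if err != nil {
        // resp is nil on a transport error, so stop before touching it.
        log.Fatal(err)
    }
    defer resp.Body.Close()

    responseData, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        log.Fatal(err)
    }

    fmt.Println(resp.Status)
    // The body contains the new access token; keep this output out of shared logs.
    fmt.Println(string(responseData))
}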
// Version 4.6.2.0    
using System;
using System.Net;  
using System.IO;
using System.Text;

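public class MainClass {
  /// <summary>
  /// Exchanges a refresh token for a new access token and prints the HTTP
  /// status code followed by the raw response body.
  /// </summary>
  /// <remarks>
  /// "&lt;TOKEN&gt;" and the refresh_token value are placeholders. This endpoint
  /// uses HTTP Basic Authentication (consumer key as username, consumer secret
  /// as password); load both secrets from protected configuration, not from
  /// source. The response and its reader are disposed here; the original
  /// left both open.
  /// </remarks>
  /// <param name="args">Unused.</param>
  public static void Main (string[] args) {
    var request = (HttpWebRequest)WebRequest.Create("https://api.tradier.com/v1/oauth/refreshtoken");
    var requestData = "grant_type=refresh_token&refresh_token=o0d897fusdnjfo28yoi2noi23098j";
    var data = Encoding.ASCII.GetBytes(requestData);

    request.Method = "POST";
    request.Headers["Authorization"] = "<TOKEN>";
    request.Accept = "application/json";
    request.ContentType = "application/x-www-form-urlencoded";
    request.ContentLength = data.Length;

    using (var stream = request.GetRequestStream())
    {
      stream.Write(data, 0, data.Length);
    }

    // GetResponse throws WebException for non-success status codes, so only
    // successful exchanges reach the code below.
    using (var response = (HttpWebResponse)request.GetResponse())
    using (var reader = new StreamReader(response.GetResponseStream()))
    {
      Console.WriteLine (response.StatusCode);
      // The body contains the new access token; keep this output out of shared logs.
      Console.WriteLine (reader.ReadToEnd());
    }
  }
}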
// Version 10.15.2    
const request = require('request');

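// Exchange a refresh token for a new access token and print the HTTP status
// code followed by the response body.
//
// '<TOKEN>' and the refresh_token value are placeholders. This endpoint uses
// HTTP Basic Authentication (consumer key as username, consumer secret as
// password); load both secrets from protected configuration, not from source.
request({
    method: 'post',
    url: 'https://api.tradier.com/v1/oauth/refreshtoken',
    form: {
       'grant_type': 'refresh_token',
       'refresh_token': 'o0d897fusdnjfo28yoi2noi23098j'
    },
    headers: {
      'Authorization': '<TOKEN>',
      'Accept': 'application/json'
    }
  }, (error, response, body) => {
      // On a transport failure `response` is undefined; report the error
      // instead of throwing a TypeError on response.statusCode.
      if (error) {
        console.error(error.message);
        return;
      }
      console.log(response.statusCode);
      // The body contains the new access token; keep this output out of shared logs.
      console.log(body);
  });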
# Version 3.6.1    
import requests

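# Exchange a refresh token for a new access token and print the HTTP status
# code followed by the parsed JSON body.
#
# '<TOKEN>' and the refresh_token value are placeholders. This endpoint uses
# HTTP Basic Authentication (consumer key as username, consumer secret as
# password); load both secrets from protected configuration, not from source.
response = requests.post('https://api.tradier.com/v1/oauth/refreshtoken',
    data={'grant_type': 'refresh_token', 'refresh_token': 'o0d897fusdnjfo28yoi2noi23098j'},
    headers={'Authorization': '<TOKEN>', 'Accept': 'application/json'},
    # Without a timeout requests waits indefinitely on an unresponsive server.
    timeout=10,
)
# Print the status first so it is still visible if the body is not valid JSON.
print(response.status_code)
json_response = response.json()
# The body contains the new access token; keep this output out of shared logs.
print(json_response)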
<?php
// Version 7.2.17-0ubuntu0.18.04.1
//
// Exchange a refresh token for a new access token and print the HTTP status
// code followed by the raw response body.
//
// '<TOKEN>' and the refresh_token value are placeholders. This endpoint uses
// HTTP Basic Authentication (consumer key as username, consumer secret as
// password); load both secrets from protected configuration, not from source.
$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://api.tradier.com/v1/oauth/refreshtoken',
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_POSTFIELDS => 'grant_type=refresh_token&refresh_token=o0d897fusdnjfo28yoi2noi23098j',
    CURLOPT_POST => 1,
    CURLOPT_HTTPHEADER => array(
        'Authorization: <TOKEN>',
        'Accept: application/json',
        'Content-Type: application/x-www-form-urlencoded',
    ),
));

$body = curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if (curl_errno($curl) !== 0) {
    echo 'Error:' . curl_error($curl);
}
curl_close($curl);
echo $status;
// The body contains the new access token; keep this output out of shared logs.
echo $body;

Response

Response Definition

{
  "access_token": "oG8RUzo33zKy3gghjkGh2au2LEWA8",
  "expires_in": 86399,
  "issued_at": "2014-05-28T09:33:35-04:00",
  "scope": "read write trade market stream",
  "status": "approved"
}