Refresh tokens can be exchanged for access tokens without a customer reauthorizing the application. These tokens should be protected like passwords! You will obtain a refresh token in the same response as an access token.
Unlike other requests to the Tradier API, this request only returns JSON due to the OAuth 2.0 specification and for compatibility with most OAuth clients.
Due to the OAuth specification, this API endpoint uses HTTP Basic Authentication. Your application client Id will serve as your username and the client secret the password. You can learn more about HTTP Basic Authentication on Wikipedia or directly reference the specification.
| Header | Required | Values/Example | Default | |
|---|---|---|---|---|
| Content-Type | Required | application/x-www-form-urlencoded | ||
| Authorization | Required | Basic lhQOWo0RzJUOWc6Z== | ||
| Basic HTTP Authentication. Username: Application client Id, Password: Application client secret | ||||
| Parameter | Type | Param Type | Required | Values/Example | Default |
|---|---|---|---|---|---|
| grant_type | Form | String | Required | refresh_token | |
| Value MUST be set to "refresh_token". | |||||
| refresh_token | Form | String | Required | o0d897fusdnjfo28yoi2noi23098j | |
| The refresh token to exchange. | |||||
curl -X POST "https://api.tradier.com/v1/oauth/refreshtoken" \
-H 'Authorization: Basic <TOKEN>' \
-H 'Accept: application/json'// Version 1.8.0_31
import static org.apache.http.entity.ContentType.APPLICATION_JSON;
import java.io.IOException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
public class Main {
public static void main(String[] args) throws IOException {
final HttpUriRequest request = RequestBuilder
.post("https://api.tradier.com/v1/oauth/refreshtoken")
.addHeader("Authorization", "Basic <TOKEN>")
.addHeader("Accept", "application/json")
.build();
final HttpResponse response = HttpClientBuilder.create().build().execute(request);
final String jsonString = EntityUtils.toString(response.getEntity());
final JsonNode json = new ObjectMapper().readTree(jsonString);
System.out.println(response.getStatusLine().getStatusCode());
System.out.println(json);
}
}# Version 2.5.0p0
require 'uri'
require 'net/http'
url = URI("https://api.tradier.com/v1/oauth/refreshtoken")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Basic <TOKEN>'
request["Accept"] = 'application/json'
response = http.request(request)
puts response.code
puts response.read_body// Version go1.12
package main
import (
"fmt"
"net/http"
"net/url"
"io/ioutil"
"log"
)
func main() {
apiUrl := "https://api.tradier.com/v1/oauth/refreshtoken"
u, _ := url.ParseRequestURI(apiUrl)
urlStr := u.String()
client := &http.Client{}
r.Header.Add("Authorization", "Basic <TOKEN>")
r.Header.Add("Accept", "application/json")
resp, _ := client.Do(r)
responseData, err := ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatal(err)
}
fmt.Println(resp.Status)
fmt.Println(string(responseData))
}// Version 4.6.2.0
using System;
using System.Net;
using System.IO;
using System.Text;
public class MainClass {
public static void Main (string[] args) {
var request = (HttpWebRequest)WebRequest.Create("https://api.tradier.com/v1/oauth/refreshtoken");
request.Method = "POST";
request.Headers["Authorization"] = "Basic <TOKEN>";
request.Accept = "application/json";
var response = (HttpWebResponse)request.GetResponse();
Console.WriteLine (response.StatusCode);
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
Console.WriteLine (responseString);
}
}// Version 10.15.2
const request = require('request');
request({
method: 'post',
url: 'https://api.tradier.com/v1/oauth/refreshtoken',
headers: {
'Authorization': 'Basic <TOKEN>',
'Accept': 'application/json'
}
}, (error, response, body) => {
console.log(response.statusCode);
console.log(body);
});# Version 3.6.1
import requests
response = requests.post('https://api.tradier.com/v1/oauth/refreshtoken',
headers={'Authorization': 'Basic <TOKEN>', 'Accept': 'application/json'}
)
json_response = response.json()
print(response.status_code)
print(json_response)<?php
// Version 7.2.17-0ubuntu0.18.04.1
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.tradier.com/v1/oauth/refreshtoken');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$headers = array();
$headers[] = 'Authorization: Basic <TOKEN>';
$headers[] = 'Accept: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
echo $http_code;
echo $result;{
"access_token": "0XcZIRtv12o89347S8B4GUu0K",
"refresh_token": "MjAJkrGE90812jkOG7Rj3QGGl",
"scope": "read write trade market",
"issued_at": "2020-01-21T15:55:35.000-05:00",
"status": "approved",
"expires_in": 86399
}