OAuth 2.0
Refresh Token Grant
When an access token expires, clients should use the refresh token grant to get a new access token. The client sends a POST request to https://www.pandora.com/oauth/v1/token with the content type application/x-www-form-urlencoded and the values.
| Parameter | Description | Type | Example | Required |
grant_type |
Refresh_token indicating that we are using the refresh grant type. |
string | "refresh_token" | Yes |
refresh_token |
A token that can be used at the refresh endpoint to fetch a fresh access_token. |
string | "eyJ6aXAiOiJERUYiLC JraWQiOiJlbmMxNTEy NDE0ODM5IiwiY3R5Ij VZ0-bT-PbDSehO_4Cn Ty3fRXbiuQFKCI5Zau ccidVCRN-dFGwHPLKH IUQyud0.if2rmJFUJk UDrFvbl44_vw" |
Yes |
Additionally, the client should include a basic authentication header that looks like the following:
Authorization: Basic Base64Encode(client_id:client_secret)
If everything is valid, we respond with a JSON object that contains:
| Parameter | Description | Type | Example |
authToken |
The access token that can be used to access a Pandora protected resource. | string | "eyJ6aXAiOiJERUYiLC JraWQiOiJlbmMxNTEy NDE0ODM5IiwiY3R5Ij VZ0-bT-PbDSehO_4Cn Ty3fRXbiuQFKCI5Zau ccidVCRN-dFGwHPLKH IUQyud0.if2rmJFUJk UDrFvbl44_vw" |
refresh_token |
A token that can be used at the refresh endpoint to fetch a fresh access_token. |
string | "eyJ6aXAiOiJERUYiLC JraWQiOiJlbmMxNTEy NDE0ODM5IiwiY3R5Ij VZ0-bT-PbDSehO_4Cn Ty3fRXbiuQFKCI5Zau ccidVCRN-dFGwHPLKH IUQyud0.if2rmJFUJk UDrFvbl44_vw" |
expires_in |
The time in seconds that the access token is valid for (the refresh token does not expire). | number | 14400 |
token_type |
Type of token, typically "Bearer". | number | "Bearer" |
You can use this curl command to test:
curl 'https://www.pandora.com/oauth/v1/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic ' \
-d grant_type=refresh_token \
-d refresh_token=