Documentation

OAuth 2.0

Refresh Token Grant

 

When an access token expires, clients should use the refresh token grant to get a new access token. The client sends a POST request to https://www.pandora.com/oauth/v1/token with the content type  application/x-www-form-urlencoded and the values.

Parameter Description Type Example Required
grant_type Refresh_token indicating that we are using the refresh grant type. string "refresh_token" Yes
refresh_token A token that can be used at the refresh endpoint to fetch a fresh access_token. string "eyJ6aXAiOiJERUYiLC
JraWQiOiJlbmMxNTEy
NDE0ODM5IiwiY3R5Ij
VZ0-bT-PbDSehO_4Cn
Ty3fRXbiuQFKCI5Zau
ccidVCRN-dFGwHPLKH
IUQyud0.if2rmJFUJk
UDrFvbl44_vw"
Yes

Additionally, the client should include a basic authentication header that looks like the following:

Authorization: Basic Base64Encode(client_id:client_secret)

If everything is valid, we respond with a JSON object that contains:

Parameter Description Type Example
authToken The access token that can be used to access a Pandora protected resource. string "eyJ6aXAiOiJERUYiLC
JraWQiOiJlbmMxNTEy
NDE0ODM5IiwiY3R5Ij
VZ0-bT-PbDSehO_4Cn
Ty3fRXbiuQFKCI5Zau
ccidVCRN-dFGwHPLKH
IUQyud0.if2rmJFUJk
UDrFvbl44_vw"
refresh_token A token that can be used at the refresh endpoint to fetch a fresh access_token. string "eyJ6aXAiOiJERUYiLC
JraWQiOiJlbmMxNTEy
NDE0ODM5IiwiY3R5Ij
VZ0-bT-PbDSehO_4Cn
Ty3fRXbiuQFKCI5Zau
ccidVCRN-dFGwHPLKH
IUQyud0.if2rmJFUJk
UDrFvbl44_vw"
expires_in The time in seconds that the access token is valid for (the refresh token does not expire). number 14400
token_type Type of token, typically "Bearer". number "Bearer"

You can use this curl command to test:



curl 'https://www.pandora.com/oauth/v1/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic ' \
  -d grant_type=refresh_token \
  -d refresh_token=