Tutorial: Authenticate App User with Pandora

4. (Optional) Refresh access token after expiry

When your access token expires, you can use your refresh token to request a new access token.

Do a POST request to, with the content type application/x-www-form-urlencoded and the values.

Parameter Description Type Example Required
grant_type Refresh_token indicating that we are using the refresh grant type string


refresh_token A token that can be used at the refresh endpoint to fetch a fresh access_token string "eyJ6aXAiOiJERU

Additionally, the client must include a basic authentication header:
Authorization: Basic Base64Encode(client_id:client_secret)

You can use this curl command to test:

curl '' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic ' \
  -d grant_type=refresh_token \
  -d refresh_token=

If everything is valid, we respond with a JSON object that contains:

Parameter Description Type Example
access_token The access token that can be used to access a Pandora protected resource. string "STRING"
refresh_token The same refresh_token received in the token request the first time around. string "STRING"
expires_in The time in seconds that the access token is valid for (the refresh_token does not expire). After expiry, use the refresh_token to get a new access_token. number "14000"
token_type Type of the token, typically "Bearer". number "Bearer"