Documentation

Tutorial: Authenticate App User with Pandora

4. (Optional) Refresh access token after expiry

When your access token expires, you can use your refresh token to request a new access token.

Do a POST request to https://www.pandora.com/oauth/v1/token, with the content type application/x-www-form-urlencoded and the values.

Parameter Description Type Example Required
grant_type Refresh_token indicating that we are using the refresh grant type string

"refresh_token"

Yes
refresh_token A token that can be used at the refresh endpoint to fetch a fresh access_token string "eyJ6aXAiOiJERU
YiLCJraWQiOiJlb
mMxNTEzNzgzO
TU4IiwiY3R5IjoiSl
...
hExXkolqVB4y5
yOk.B7eRL3XpB
wKtpcc9rgVjJQ"
Yes

Additionally, the client must include a basic authentication header:
Authorization: Basic Base64Encode(client_id:client_secret)

You can use this curl command to test:



curl 'https://www.pandora.com/oauth/v1/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic ' \
  -d grant_type=refresh_token \
  -d refresh_token=

If everything is valid, we respond with a JSON object that contains:

Parameter Description Type Example
access_token The access token that can be used to access a Pandora protected resource. string "STRING"
refresh_token The same refresh_token received in the token request the first time around. string "STRING"
expires_in The time in seconds that the access token is valid for (the refresh_token does not expire). After expiry, use the refresh_token to get a new access_token. number "14000"
token_type Type of the token, typically "Bearer". number "Bearer"