Prerequisites
Requesting new access token
Access tokens have a short lifespan and expire after one hour. To maintain access to a user's data beyond this period, your application must use the refresh token, which is issued alongside the original access token, to request a new one.
Refresh tokens are valid for 180 days from the time they are issued and must be used before they expire. To refresh an access token, make a POST request to: https://users.app.marq.com/oauth2/token with a grant_type of refresh_token and the associated request body.
View API Reference for refreshing access token
The response will follow the standard OAuth 2.0 token response format and will include a new access token and a new refresh token. Each new refresh token can be used to repeat the process, enabling long-term access—as long as the user initially authorized the offline_access scope. Since refreshing does not require user interaction, your application can maintain access programmatically and indefinitely.
Use offline_access scope to refresh access tokens
Be sure to request the
offline_accessscope if the app will want to be able to refresh tokens.
Important considerations:
If a refresh token is not used within 180 days, it expires. Once expired, the user must re-authorize the application.
Each refresh operation invalidates the previous access and refresh tokens. Be sure to persist the new tokens returned in the response immediately to avoid losing access.