Once you have received a device token, you can renew the session using the refresh_token. You have received it with the original token.

The endpoint to request the OAuth token is POST /oauth/token. You need to pass the vendor client credentials, and the refresh token, but not the device code. The grant type is refresh_token.

Request
POST /oauth/token HTTP/1.1
Host: connect-testing.secuconnect.com
Content-Type: application/json
Accept: application/json
 
{
"grant_type": "refresh_token",
"client_id": "611c00ec6b2be6c77c2338774f50040b",
"client_secret": "dc1f422dde755f0b1c4ac04e7efbd6c4c78870691fe783266d7d6c89439925eb",
"refresh_token": "d3aece0996cee981609cab15653db0e9bc9ef804"
}

If the everything is fine, the API responds with 200 OK, and some data:

Response
HTTP/1.1 200 OK
Content-Type: application/json
...
{
"access_token": "01g5prsq95pkq67pik7dh7vq22",
"expires_in": 1200,
"token_type": "bearer",
"scope": null
}

You will receive the OAuth access token (line 6) as before. There is no refresh token, since it stays unchanged for the current session.