Renew the Device Session

Once you have received a device token, you can renew the session using the refresh_token. You have received it with the original token.

The endpoint to request the OAuth token is POST /oauth/token. You need to pass the vendor client credentials, and the refresh token, but not the device code. The grant type is refresh_token.

Request

POST /oauth/token HTTP/1.1
Host: connect-testing.secupay-ag.de
Content-Type: application/json
...
 
{
    "grant_type": "refresh_token",
    "client_id": "611c00ec6b2be6c77c2338774f50040b",
    "client_secret": "dc1f422dde755f0b1c4ac04e7efbd6c4c78870691fe783266d7d6c89439925eb",
    "refresh_token": "d3aece0996cee981609cab15653db0e9bc9ef804"
}

If the everything is fine, the API responds with 200 OK, and some data:

Response

HTTP/1.1 200 OK
Content-Type: application/json
...
{
    "access_token": "01g5prsq95pkq67pik7dh7vq22",
    "expires_in": 1200,
    "token_type": "bearer",
    "scope": null
}

You will receive the OAuth access token (line 6) as before. There is no refresh token, since it stays unchanged for the current session.