Using Tokens

As part of both authentication flows, you will be working with access tokens and refresh tokens.

Using Access Tokens

To make a successful Chatter REST API request, you must include a valid access token in the request. This can be done by using the HTTP Authorization header:
Authorization: OAuth <access token>

If the request yields an error response due to an expired token, the refresh token can be used to get a new access token.

If the request yields an error because an access token has been revoked, the client application must be re-authorized by the user in order to gain access.

Using Refresh Tokens

If the client application has a refresh token, it can use it to send a request for a new access token.

To ask for a new access token, the client application should send a POST request to https://login.instance_name/services/oauth2/token with the following query parameters:
ParametersDescription
grant_typeValue must be refresh_token for this flow.
refresh_tokenThe refresh token the client application already received.
client_idConsumer key from the connected app definition.
You can also include the following optional parameters:
ParametersDescription
client_secretConsumer secret from the connected app definition.
formatExpected return format. The default is json. Values are:
  • urlencoded
  • json
  • xml

If this request is successful, the server returns a payload holding the access_token.

The following additional parameters are also returned, however, they aren't used with this flow and Chatter REST API:
  • instance_url
  • id
  • signature
  • issued_at
© Copyright 2000–2014 salesforce.com, inc. All rights reserved.
Various trademarks held by their respective owners.