Disabling refresh_token from being generated for /oauth/token requests

  • Updated 2 years ago
There are times when your app or integration with RingCentral does not need a refresh_token in the /oauth/token response when obtaining an access_token. In that case, you can disable it by setting the refresh_token_ttl parameter (the refresh token's time to live) to zero (0) in the request.

Requesting an access_token and generating a refresh_token:

POST /restapi/oauth/token HTTP/1.1
Host: platform.ringcentral.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey:appSecret]

username=[ringCentralUsername]&password=[ringCentralPassword]&grant_type=password

Response generating a refresh_token:

{
"access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",
"token_type": "bearer",
"expires_in": 3599,
"refresh_token": "[REFRESH_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",
"refresh_token_expires_in": 604799,
"scope": "ReadCallLog",
"owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]"
}

Requesting an access_token without generating a refresh_token:

POST /restapi/oauth/token HTTP/1.1
Host: platform.ringcentral.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey:appSecret]

username=[ringCentralUsername]&password=[ringCentralPassword]&refresh_token_ttl=0&grant_type=password

Response without generating a refresh_token:

{
"access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",
"token_type": "bearer",
"expires_in": 3599,
"scope": "ReadCallLog",
"owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]"
}

An example use case for not needing the refresh token is for server-to-server applications where you already know the username and password for your application and can simply make a request once per hour to fetch a new token.

Benjamin Dean

Posted 3 years ago
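
A client-side sketch of the request described in the article, added here as an example (not RingCentral's code): it builds the form body with refresh_token_ttl=0 and rejects any response that still carries a refresh token. The function names and credential values are assumptions, and the sample responses are constructed to match the shape of the two shown above.

```python
import base64
from urllib.parse import urlencode

TOKEN_PATH = "/restapi/oauth/token"  # path taken from the article


def build_token_request(app_key, app_secret, username, password, refresh_ttl=None):
    """Return (headers, body) for the password-grant token request.

    refresh_ttl=0 asks the server not to issue a refresh_token;
    None leaves the parameter out, as in the article's first request.
    """
    basic = base64.b64encode(f"{app_key}:{app_secret}".encode()).decode()
    form = {"grant_type": "password", "username": username, "password": password}
    if refresh_ttl is not None:
        form["refresh_token_ttl"] = str(refresh_ttl)
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
    }
    return headers, urlencode(form)  # urlencode escapes '@', '&', spaces, etc.


def check_no_refresh_token(response):
    """Return the access-token fields; raise if a refresh token was issued."""
    extra = [k for k in ("refresh_token", "refresh_token_expires_in") if k in response]
    if extra:
        raise ValueError(f"refresh token fields present: {extra}")
    if response.get("token_type", "").lower() != "bearer" or "access_token" not in response:
        raise ValueError("not a bearer access-token response")
    return {"access_token": response["access_token"],
            "expires_in": int(response["expires_in"])}


# Constructed sample responses (placeholder values, same fields as the article).
WITH_REFRESH = {"access_token": "AT-placeholder", "token_type": "bearer",
                "expires_in": 3599, "refresh_token": "RT-placeholder",
                "refresh_token_expires_in": 604799, "scope": "ReadCallLog",
                "owner_id": "OWNER-placeholder"}
WITHOUT_REFRESH = {k: v for k, v in WITH_REFRESH.items()
                   if not k.startswith("refresh_token")}

if __name__ == "__main__":
    headers, body = build_token_request("appKey", "appSecret", "user", "p@ss word", 0)
    print("POST", TOKEN_PATH, body)
    print(check_no_refresh_token(WITHOUT_REFRESH))
```

Running the check on every token response lets a server-to-server job fail fast if a refresh token is ever issued and would otherwise end up stored or logged.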

Ashley

Using this same method, can you extend the refresh_token instead of 7 days?
Benjamin Dean

The maximum length of time for our refresh tokens is 604799 seconds currently. If you attempt to set a value higher than this, the default maximum will be set.