Refresh Token Endpoint

The refresh token endpoint allows you to obtain a new access token when your current access token has expired or is about to expire. This is a critical part of maintaining a continuous connection to the COUNT Partner API without requiring the user to re-authenticate.

Endpoint: POST /partners/refresh-user-access-token

Authentication Required:

• ✅ HMAC Signature (x-client-id, x-signature, x-timestamp headers)

• ❌ Bearer Token (NOT required for this endpoint)

When to Use:

• When your access token has expired (you receive a 401 error with "token_expired" code)

• Proactively before the access token expires (recommended best practice)

• To maintain seamless API access without user re-authentication

Request Body:

• grant_type: Must be "refresh_token"

• refresh_token: The refresh token you received from the initial token exchange

• client_id: Your partner application client ID

• client_secret: Your partner application client secret

Response: On success (200), you'll receive:

• New access token (use in Authorization: Bearer header for subsequent API calls)

• New refresh token (save this for the next refresh cycle)

• Access token expiration timestamp

• Refresh token expiration timestamp

• Workspace ID and name

Important Notes:

• The refresh token itself can expire - check refreshTokenExpiresAt before attempting refresh

• Always save the new refresh token from the response - the old one becomes invalid after use

• Implement automatic token refresh before expiration to avoid service interruptions

• This endpoint requires HMAC signing but does NOT require a Bearer token (unlike resource endpoints)