Refresh Token Endpoint

The refresh token endpoint allows you to obtain a new access token when your current access token has expired or is about to expire. This is a critical part of maintaining a continuous connection to the COUNT Partner API without requiring the user to re-authenticate.

Endpoint: POST /partners/refresh-user-access-token

Authentication Required:

• ✅ HMAC Signature (x-client-id, x-signature, x-timestamp headers)
• ❌ Bearer Token (NOT required for this endpoint)

When to Use:

• When your access token has expired (you receive a 401 error with "token_expired" code)
• Proactively before the access token expires (recommended best practice)
• To maintain seamless API access without user re-authentication

Request Body:

• grant_type: Must be "refresh_token"
• refresh_token: The refresh token you received from the initial token exchange
• client_id: Your partner application client ID
• client_secret: Your partner application client secret

Response: On success (200), you'll receive:

• New access token (use in Authorization: Bearer header for subsequent API calls)
• New refresh token (save this for the next refresh cycle)
• Access token expiration timestamp
• Refresh token expiration timestamp
• Workspace ID and name

Important Notes:

• The refresh token itself can expire - check refreshTokenExpiresAt before attempting refresh
• Always save the new refresh token from the response - the old one becomes invalid after use
• Implement automatic token refresh before expiration to avoid service interruptions
• This endpoint requires HMAC signing but does NOT require a Bearer token (unlike resource endpoints)