curl --request POST \
--url https://api.cal.com/v2/oauth/{clientId}/refresh \
--header 'Content-Type: application/json' \
--header 'x-cal-secret-key: <x-cal-secret-key>' \
--data '{
"refreshToken": "<string>"
}'
{
"status": "success",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
"accessTokenExpiresAt": 123,
"refreshTokenExpiresAt": 123
}
}
If managed user access token is expired then get a new one using this endpoint - it will also refresh the refresh token, because we use
“refresh token rotation” mechanism. Access token is valid for 60 minutes and refresh token for 1 year. Make sure to store them in your database, for example, in your User database model calAccessToken
and calRefreshToken
fields.
Response also contains accessTokenExpiresAt
and refreshTokenExpiresAt
fields, but if you decode the jwt token the payload will contain clientId
(OAuth client ID), ownerId
(user to whom token belongs ID), iat
(issued at time) and expiresAt
(when does the token expire) fields.
curl --request POST \
--url https://api.cal.com/v2/oauth/{clientId}/refresh \
--header 'Content-Type: application/json' \
--header 'x-cal-secret-key: <x-cal-secret-key>' \
--data '{
"refreshToken": "<string>"
}'
{
"status": "success",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
"accessTokenExpiresAt": 123,
"refreshTokenExpiresAt": 123
}
}
OAuth client secret key.
The response is of type object
.
Was this page helpful?