Refreshing Access Tokens
Postman is an application you can use to make, save, and share API requests. We're going to use it to demonstrate using a refresh token to receive a new access token from WHOOP.
- Refresh Token: A refresh token is received along with an access token when
completing the initial OAuth 2.0 flow, when the auth request includes
offlinescope. Learn more
- Client Id: A unique identifier for your client. Learn more
- Client Secret: A secret value that accompanies your client identifier. Learn more
- Refresh Token Endpoint:
https://api.prod.whoop.com/oauth/oauth2/token. Learn more
Making the Request
We're going to issue a POST request to the refresh token endpoint to receive a new access token.
Fill in the fields as follows:
- HTTP Request Type/Verb: POST
In the Body section, select the "x-www-form-urlencoded" radio button. Fill in the following keys and values:
refresh_token. This grant type explicitly tells an OAuth provider you're asking for a refresh token.
- refresh_token: The value of the refresh token received along with an access token.
- client_id: A unique identifier for your client.
- client_secret: A secret value that accompanies your client identifier.
- scope: The
offlinescope allows you to get a new refresh token and an access token.
In this image, Postman variables take the place of the refresh token, client id, and client secret. Postman should prepopulate those variables with the configured values. Alternatively, place the values directly in the value of the POST data rather than using variables at all.
Click "Send" to make your request.
Receiving the Response
Under the Request Body section, a Response Body should be visible as a JSON payload. It will have the following form:
"scope": "offline other-scopes-requested",
You can use the new access token to make additional API requests for this user's data. You can also use the new refresh token to complete this flow once the access token expires.