> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fluz.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh OAuth Access Token

You can refresh an accessToken received from the exchange of the authorization `code`

To refresh an access token, make a request to /token/refresh with the following query params:

| query param    | description                                          |
| -------------- | ---------------------------------------------------- |
| refresh\_token | The refreshToken token from the auth token exchange. |

Additionally, set an Authorization header that is a base64 encoded string that is a combination of your client\_id:app\_secret. This is a Basic auth header, and so should follow the following format: `Authorization: Basic <base64 encoded CLIENT_ID:CLIENT_SECRET>`

For example, if your `client_id` is `abc123` and your `client_secret` from the OAuth configuration is `def456`, the base64 encoded value would be `YWJjMTIzOmRlZjQ1Ng==`.

The `client_id` and `client_secret` can be found in the `Overview` tab of the [Configure OAuth App](/configure-o-auth-app).

Here is an example cURL command:

```text theme={null}
curl -X GET "https://uni.staging.fluzapp.com/token/refresh?refresh_token=<refreshToken>" -H "Authorization: Basic YWJjMTIzOmRlZjQ1Ng=="
```

The response will include:

| query param  | description                                                            |
| :----------- | :--------------------------------------------------------------------- |
| accessToken  | Short-lived token for subsequent requests into Fluz‘s backend services |
| refreshToken | refresh token to store and use when the accessToken becomes expired    |
| scopes       | the values the user permitted through the previous flow                |

Here is an example of a full response:

```json theme={null}
{"accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTc1MjA5NDgwNH0.0dKCtVpN0mTHHMuGNNx4VLJisTnovFNPQKhSw6zWosc","authorizationCode":"f082972eb110b80f73b0d0f95d1de9266069a1e4","accessTokenExpiresAt":"2025-07-08T21:05:30.673Z","refreshToken":"8ec16c25951616150b0332a4a6d66547","refreshTokenExpiresAt":"2025-08-08T20:55:30.738Z","scope":\["MAKE\_WIDTHDRAW","MAKE\_DEPOSIT","LIST\_PAYMENT"],"client":\{"id":"dab5c80e-0321-4c3a-988a-ffedfd64d8db","app\_id":"0a92d46e-edf4-422e-8c62-946051e5067b","app\_name":"First OAuth integration","grants":\["authorization\_code","client\_credentials","password","refresh\_token"],"redirectUris":\["http\://localhost:3035/oauth/finalize"],"accessTokenLifetime":600},"user":\{"id":"5070d5a1-d71a-4190-91b0-f116eec51771"}}
```
