Refresh a token

Plugin icon

Login with Zip

Give your shoppers the option to Login to your website using Zip and pay seamlessly.

The API call you will make to refresh the access token is the /tokens endpoint again, however this time we will use our refresh_token to authorise this refresh.

This request should be made before each /charges request to generate a new access_token. Doing so will reset the refresh_token 30 day life span.

This can also be used as a scheduled refresh mechanism to ensure customer tokens never expire.

This request will contain:

  • Customer refresh_token
  • client_id
  • client_secret

The Zip API response will contain:

  • access_token (for placing charges)
  • refresh token (for permanent storage)

This /tokens API call should be made from your server and not directly from the client front end.


The API request

Customer refresh_token

You will have already obtained the customer refresh_token code when it is returned by Zip in your initial /token call. This value will not change when refreshing the token, but its expiry will reset.

Client ID and Client secret

These will be provided by the Zip team for each environment.

The full request

curl --location --request POST '<client_id>&client_secret=<client_secret>&grant_type=refresh_token&refresh_token=<refresh_token>' \


Token Expiry

  • Access token: Expires after 30 mins
  • Refresh token: Expires after 30 days


Finalise the payment

To complete the purchase you must create a charge