
The API call you will make to refresh the access token is the <a href="/reference/au-loginwithzip-create-token" class="codeLabel codeLabel-link" target="_blank" rel="nofollow noopener noreferrer">/tokens</a> endpoint again; this time, however, we will use our <code>refresh_token</code> to authorise the refresh.

This request should be made before each <code>/charges</code> request to generate a new <code>access_token</code>. Doing so will reset the <code>refresh_token</code>'s 30-day lifespan.

This can also be used as a scheduled refresh mechanism to ensure customer tokens never expire.

This request will contain:

  • Customer <code>refresh_token</code>

  • <code>client_id</code>

  • <code>client_secret</code>

The Zip API response will contain:

  • <code>access_token</code> (for placing charges)

  • <code>refresh_token</code> (for permanent storage)

This <span class="codeLabel codeLabel-nolink">/tokens</span> API call should be made from your server and not directly from the client front end.


## The API request

### Customer refresh_token

You will have already obtained the customer refresh_token, which Zip returned in your initial /tokens call. This value will not change when refreshing the token, but its expiry will reset.

### Client ID and Client secret

These will be provided by the Zip team for each environment.

## The full request



Token Expiry

  • Access token: Expires after 30 mins

  • Refresh token: Expires after 30 days
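The refresh-before-charge and scheduled-refresh rules above can be kept in one server-side component. The following is an added example, not Zip's own code: the class, the `post_tokens` transport and the `ZIP_CLIENT_ID` / `ZIP_CLIENT_SECRET` environment variable names are hypothetical, and the wire format of the real `/tokens` request is not shown on this page, so the transport is a constructed stand-in.

```python
import os
import time

REFRESH_TTL = 30 * 24 * 3600   # refresh token lifetime stated on this page (30 days)


class TokenVault:
    """Server-side store of customer refresh tokens (in-memory for the demo)."""

    def __init__(self, post_tokens, client_id, client_secret, clock=time.time):
        self._post = post_tokens            # hypothetical transport: dict -> dict
        self._client_id = client_id
        self._client_secret = client_secret  # stays on the server, never sent to the browser
        self._clock = clock
        self._records = {}                  # customer -> (refresh_token, refresh_expiry)

    def enrol(self, customer, refresh_token):
        self._records[customer] = (refresh_token, self._clock() + REFRESH_TTL)

    def access_token_for_charge(self, customer):
        """Refresh immediately before a /charges request; returns a fresh access token."""
        refresh_token, expires = self._records[customer]
        if self._clock() >= expires:
            raise PermissionError("refresh token expired")
        reply = self._post({"refresh_token": refresh_token,
                            "client_id": self._client_id,
                            "client_secret": self._client_secret})
        # Persist the refresh token from the response; its 30-day window restarts now.
        self._records[customer] = (reply["refresh_token"], self._clock() + REFRESH_TTL)
        return reply["access_token"]   # valid for 30 minutes: use it, do not store or log it

    def due_for_scheduled_refresh(self, margin=7 * 24 * 3600):
        """Customers whose refresh token would expire within `margin` seconds."""
        now = self._clock()
        return sorted(c for c, (_, exp) in self._records.items() if exp - now <= margin)


def fake_zip_tokens(payload):
    # Constructed stand-in for the Zip response; a real call is an HTTPS request to /tokens.
    assert payload["client_secret"], "secret must be supplied by the server"
    return {"access_token": "constructed-access", "refresh_token": payload["refresh_token"]}


if __name__ == "__main__":
    vault = TokenVault(fake_zip_tokens, os.environ.get("ZIP_CLIENT_ID", "demo-id"),
                       os.environ.get("ZIP_CLIENT_SECRET", "demo-secret"))
    vault.enrol("cust-1", "constructed-refresh")
    print(vault.access_token_for_charge("cust-1"), vault.due_for_scheduled_refresh())
```

A scheduled job would call `access_token_for_charge` for every customer returned by `due_for_scheduled_refresh` and discard the access token it gets back.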

Finalise the payment

To complete the purchase you must create a charge.