oauth-refresh-token.http
@tokenUrl = https://auth.example.com/oauth/token
@clientId = replace-with-client-id
@clientSecret = replace-with-client-secret
@refreshToken = replace-with-refresh-token
### Exchange a refresh token for a new access token
POST {{tokenUrl}}
Accept: application/json
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token={{refreshToken}}&client_id={{clientId}}&client_secret={{clientSecret}}
Variables to replace
- tokenUrl
- The authorization server's token endpoint.
- clientId
- The OAuth client ID.
- clientSecret
- The client secret when the provider requires one.
- refreshToken
- The long-lived refresh token; store the real value outside Git.
Expected response
A successful exchange normally returns 200 OK with a new access_token and expiry. Some providers also rotate and return a new refresh_token; preserve it according to the provider's rules.
Karve does not update variables from a response automatically. Copy rotated tokens manually into your environment.
Related examples and guides
Learn the full syntax in the .http file format guide, manage secrets with variables and environments, or see how to run .http files on Windows.
Run this request without leaving Windows.
Karve opens .http files as a native workspace: edit the plain text, press Run, inspect the response, and keep the file in Git.
15-day free trial · No account · No subscription · No metered requests
25% off until Sep 1