The Authorization Code Grant flow now supports refresh tokens.

Refresh tokens are long-lasting credentials which you can use to fetch additional access tokens. Unlike access tokens, refresh tokens do not expire until you revoke them.

To help you manage tokens, the /revoke endpoint now lets you revoke multiple tokens in a single request. You can use this endpoint to revoke both refresh tokens and access tokens.

Additionally, the /refreshtokens endpoint now lets you delete multiple refresh tokens by posting a single request. You can also filter the refresh tokens by the client for which they are issued.

Learn more about refresh tokens:

  • Read the OAuth2 specification.
  • See the Tokens section of the OAuth2 service documentation.
  • See the OAuth2 service API console for more detailed information on how to use the /refreshtokens and /revoke endpoints.