OAuth refresh token issues

RyanAtPushRyanAtPush Member Posts: 20

Hi Lightspeed team,

We're trying to solve an issue with our OAuth refresh token.

When we're trying to use refresh token to get new tokens, we're not getting any response back. Maybe you can help check the logs on your end? My company is Push Operations.

We were also trying to use the Lightspeed staging account to test but the redirect_url parameter doesn't seem to work?



Best Answer


  • LucienVersendaalLucienVersendaal Moderator, Lightspeed Staff Posts: 991 moderator

    Hi @RyanAtPush,

    Thank you for contacting us.

    Can you provide me the full request? And error messages?

  • RyanAtPushRyanAtPush Member Posts: 20

    Hey Lucien, I'm not sure if it's ok to show our tokens in this thread?

  • Ali_MasoumieAli_Masoumie Moderator, Lightspeed Staff Posts: 313 moderator


    You can send the request and response without the sensitive details (like token).

  • RyanAtPushRyanAtPush Member Posts: 20
    edited January 18

    We seem to be getting a couple of different responses.

    One of the response types in couldn't be json decoded. This happens in production environment but not our own testing server. On our testing server I would send the request and it would work perfectly fine. Testing server shares the same database, client key, client secret, code challenge and verifier.

    We use php json_decode (https://www.php.net/manual/en/function.json-decode.php) on the curl response but the json_decode returns null.

    I'm going to deploy some more debugging logs to print out the raw output before json decode and see...

    The second type of response we're getting is the 400 bad request.

    Does this happen if the request token is expired?

    For example we get this from Five Guys Quebec (Koeppel Companies):

      "url": "https://lightspeedapis.com/resto//oauth2/v1/token",

     "postBody": {

      "grant_type": "refresh_token",

      "refresh_token": "...."

    "response": {

      "code": "bad_request",

      "message": "Bad Request",

      "statusCode": 400,

      "details": [


        "code": "invalid_request",

        "message": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."




    Post edited by RyanAtPush on
  • YorickYorick Moderator, Lightspeed Staff Posts: 90 moderator

    Hi Ryan,

    There is an additional slash sign behind resto in your URL.

    When doing a refresh token request, you can get a 400 error when there is no refresh_token provided or it is incorrect or expired. As a reminder, refresh tokens can only be used once and expire after 30 days. If expired, the merchant will need to reauthorize the app.

    API integration specialist
    Lightspeed HQ
  • RyanAtPushRyanAtPush Member Posts: 20
    edited January 18

    I fixed the extra slash sign but I'm still getting this error code 1015.


      "url": "https://lightspeedapis.com/resto/oauth2/v1/token",

     "postBody": {

      "grant_type": "refresh_token",

      "refresh_token": "..."


     "rawResponse": "error code: 1015",


    Last sent 2022-01-18 23:01:18 UTC.

    TKR Restaurant West Ltd.

    Thanks for clarifying the 400 error.

  • RyanAtPushRyanAtPush Member Posts: 20

    Seems like error code: 1015 means rate limiting, is that right?

  • RyanAtPushRyanAtPush Member Posts: 20

    Thanks for confirming. Will fix this soon.

Sign In or Register to comment.