Unable to retrieve new access token with refresh token

Chibby Member Posts: 4


Since recently I have been unable to use refresh tokens to retrieve new access tokens.

I make a post request to https://lightspeedapis.com/resto/oauth2/v1/token

This request has the following headers:

Content-Type: application/x-www-form-urlencoded

Authorization: Basic [Base64 of client-id:client-secret]

This request has the following body:


According to the docs, this should be sufficient. However, I invariably receive the following response:

{"code":"bad_request","message":"Bad Request","statusCode":400,"details":[{"code":"invalid_request", "message":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."}]}

I have also tried to provide the client-id and client-secret in the body, not setting the Authorization header, to no avail.

Can someone tell me what I am doing wrong here? Thanks in advance.


  • Yorick Moderator, Lightspeed Staff Posts: 99


    Your initial request is correct (client_id and client_secret are not in the body but in the Authorization header).

    Getting a 400 error invalid_request when trying to obtain a refresh token usually means one of the following:

    • no refresh_token was provided
    • refresh_token is incorrect
    • refresh_token is expired (they expire after 30 days)

    Refresh tokens can only be used once and if they're not used within 30 days, you will need to reauthorize.

    Do you have any issue if you follow the authentication process from scratch (authorization > token > refresh token)?

    API integration specialist
    Lightspeed HQ
  • Chibby Member Posts: 4

    Hi Yorick,

    Thanks for your reply. I see where I went wrong. I was trying to use spent refresh tokens.
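
The single-use behaviour discussed in this thread, as an added example that is not part of the original posts or Lightspeed's own code: a client that spends the stored refresh token once and atomically saves its replacement, run against a constructed in-memory endpoint. The body parameters follow RFC 6749 section 6, and the `access_token`/`refresh_token` response fields, the token file layout and `FakeTokenEndpoint` are assumptions.

```python
import base64, json, os, tempfile
from urllib.parse import urlencode, parse_qs

TOKEN_URL = "https://lightspeedapis.com/resto/oauth2/v1/token"  # from the post

def build_refresh_request(client_id, client_secret, refresh_token):
    """Return (url, headers, body) for a refresh request (RFC 6749 section 6)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {basic}"}
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token})
    return TOKEN_URL, headers, body

def save_tokens(path, tokens):
    """Atomically replace the token file; mkstemp creates it owner-only (0600)."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(tokens, f)
    os.replace(tmp, path)

def refresh(path, client_id, client_secret, send):
    """Spend the stored refresh token once; persist the new one before returning."""
    with open(path) as f:
        stored = json.load(f)
    status, payload = send(*build_refresh_request(
        client_id, client_secret, stored["refresh_token"]))
    if status != 200:
        raise RuntimeError(f"refresh failed ({status}); reauthorize from scratch")
    save_tokens(path, {"refresh_token": payload["refresh_token"]})
    return payload["access_token"]

class FakeTokenEndpoint:
    """Constructed stand-in for the server: each refresh token works exactly once."""
    def __init__(self, first):
        self.valid, self.n = first, 0

    def __call__(self, url, headers, body):
        presented = parse_qs(body).get("refresh_token", [""])[0]
        if presented != self.valid:  # missing, wrong or already spent
            return 400, {"code": "bad_request",
                         "details": [{"code": "invalid_request"}]}
        self.n += 1
        self.valid = f"rt-{self.n}"  # rotation: the old token is now spent
        return 200, {"access_token": f"at-{self.n}", "refresh_token": self.valid}
```

In a real client, `send` would be the function that performs the HTTPS POST and returns the status code and parsed JSON.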
