Refreshing Your Tokens

All access tokens must be refreshed periodically. Token refresh reduces both the opportunity for token theft and the benefit of it: since all tokens expire, a stolen token can only be used for a limited time. A token refresh immediately expires the previously issued access and refresh tokens and issues brand new tokens.

Refresh Token Request

To refresh your token, make the following request:

POST https://api.ecobee.com/token?
	grant_type=refresh_token&
	refresh_token=REFRESH_TOKEN&
	client_id=APP_KEY
                

The code parameter is also supported for the refresh token value.

POST https://api.ecobee.com/token?
	grant_type=refresh_token&
	code=REFRESH_TOKEN&
	client_id=APP_KEY
                

Here, REFRESH_TOKEN is the refresh token you were issued and APP_KEY is the application key for your application.

The response, if successful, will contain:

{
	"access_token": "Rc7JE8P7XUgSCPogLOx2VLMfITqQQrjg",
	"token_type": "Bearer",
	"expires_in": 3599,
	"refresh_token": "og2Obost3ucRo1ofo0EDoslGltmFMe2g",
	"scope": "smartWrite" 
}                
     	         

Note that the expires_in field represents a value in seconds. This conforms to the OAuth spec for token responses. More information can be found in the OAuth 2.0 Authorization Framework spec.

On error, see API Requests and Responses for information on handling errors.

Token Expiry

The following table lists the expiry for common token types. Additional information may be found under each authorization strategy.

Token Type      Expiry
Authorization   Variable: see strategy documentation
Access          3600 seconds (1 hour)
Refresh         1 year

What happens if I lose my Access/Refresh tokens or they expire?

Should you lose your access and refresh tokens, or should they expire, you will need to begin the authorization process from the beginning. Your application must be capable of handling this use case.
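
The following is an added example, not ecobee's own code, showing a client that handles the refresh request, the expires_in value and the lost-token case described above. Because a refresh immediately expires the old pair, it persists the new refresh token before returning. The token file path, the SKEW margin, the injectable post/now parameters, and treating any response without tokens as a rejection are assumptions of this example.

```python
import json, os, tempfile, time
from urllib import parse, request

TOKEN_URL = "https://api.ecobee.com/token"  # endpoint shown on this page
SKEW = 60  # assumption: refresh this many seconds before expiry

def http_post(url):
    """Default transport: POST with parameters in the query string, as the page shows."""
    with request.urlopen(request.Request(url, data=b"", method="POST"), timeout=10) as r:
        return json.load(r)

def save_tokens(path, tokens):
    """Write atomically so a crash never leaves a half-written or stale token file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:  # mkstemp creates the file owner-only (0600)
        json.dump(tokens, f)
    os.replace(tmp, path)

def load_tokens(path):
    with open(path) as f:
        return json.load(f)

def refresh(path, app_key, post=http_post, now=time.time):
    """Exchange the stored refresh token and persist the rotated pair before returning it."""
    old = load_tokens(path)
    query = parse.urlencode({"grant_type": "refresh_token",
                             "refresh_token": old["refresh_token"],
                             "client_id": app_key})
    resp = post(f"{TOKEN_URL}?{query}")
    if "access_token" not in resp or "refresh_token" not in resp:
        # Assumption: no tokens in the response means the refresh was rejected.
        raise PermissionError("refresh rejected; restart the authorization process")
    new = {"access_token": resp["access_token"],
           "refresh_token": resp["refresh_token"],
           "expires_at": now() + int(resp["expires_in"])}  # expires_in is in seconds
    save_tokens(path, new)
    return new

def access_token(path, app_key, post=http_post, now=time.time):
    """Return a usable access token, refreshing only when it is within SKEW of expiry."""
    tokens = load_tokens(path)
    if now() >= tokens["expires_at"] - SKEW:
        tokens = refresh(path, app_key, post, now)
    return tokens["access_token"]
```

A caller that catches PermissionError from access_token should discard the stored tokens and begin the authorization process again.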
