| Table of Contents |
|---|
...
- access_token: the access token, used to call Betfair on the user's behalf
- token_type: meta data for the access token (see 'Making calls on the user's behalf')
- expires_in: how long the access token will be valid for (in seconds)
- refresh_token: a token that can be used to create a new access token (see 'Using the refresh token')
- application_subscription: contains the vendor client ID, a unique identifier for a user. Can also contain some subscription related information (See 'Legacy Subscriptions')
| Warning |
|---|
...
|
...
| |
To protect sensitive information such as your app key and secret, it is important that the token operation only be called from server to server. |
Example REST request
Headers
- X-Application' : 'your app key'
- 'X-Authentication' : 'your session token'
Request Body
client_id=VENDOR_ID
client_secret=VENDOR_SECRET
grant_type=AUTHORIZATION_CODE
code=THE_AUTH_CODE
...
{"access_token":"KeOi+kyg2RvDK4HM+W46CvSnP5w=","refresh_token":"50d76117-7f85-375v-a38f-ffb332713f93","application_subscription":{"vendor_client_id":"456238"},"token_type":"BEARER","expires_in":"14400"} |
You can user the 'expires_in' value to determine when the access token will stop being valid. Alternatively, if calls made with the access token start returning an INVALID_SESSION error, it is likely that the token has expired.
...