Table of Contents |
---|
...
- access_token: the access token, used to call Betfair on the user's behalf
- token_type: meta data for the access token (see 'Making calls on the user's behalf')
- expires_in: how long the access token will be valid for (in seconds)
- refresh_token: a token that can be used to create a new access token (see 'Using the refresh token')
- application_subscription: contains the vendor client ID, a unique identifier for a user. Can also contain some subscription related information (See 'Legacy Subscriptions')
Warning |
---|
...
|
...
| |
To protect sensitive information such as your app key and secret, it is important that the token operation only be called from server to server. |
Example REST request
Headers
- X-Application' : 'your app key'
- 'X-Authentication' : 'your session token'
Request Body
client_id=VENDOR_ID
client_secret=VENDOR_SECRET
grant_type=AUTHORIZATION_CODE
code=THE_AUTH_CODE
...
{ "access_token" : "KeOi+kyg2RvDK4HM+W46CvSnP5w=" , "refresh_token" : "50d76117-7f85-375v-a38f-ffb332713f93" , "application_subscription" :{ "vendor_client_id" : "456238" }, "token_type" : "BEARER" , "expires_in" : "14400" } |
You can user the 'expires_in' value to determine when the access token will stop being valid. Alternatively, if calls made with the access token start returning an INVALID_SESSION error, it is likely that the token has expired.
...