How to use a Refresh Token in Postman?


  • You must have signed up for a MediaValet API Developer Account, subscribed to a plan and have been provided a ClientId and ClientSecret from MediaValet's Support Team.

  • Your MediaValet - Guide Variables environment must have the ClientId, ClientSecret, Scope, State and redirect_URI values configured. 

  • The base URL for all authentication requests is


A refresh token is used to generate additional access tokens. This allows you to have short-lived access tokens without having to collect credentials every single time one expires. You request this token alongside the access and/or ID tokens as part of a user's initial authentication flow.


To refresh your access token as well as an ID token, you send a token request with a grant_type of




Request Parameters:

Parameter Description
client_id Identifies the client and must match the value pre-registered with MediaValet.
client_secret This client secret is used in conjunction with client_id to authenticate the client application.
code The value is what was returned from the authorization endpoint. The code has a lifetime of 60 seconds.
grant_type Can be one of the following: authorization_code or refresh_token. Determines the mechanism MediaValet uses to authorize the creation of the tokens.
redirect_uri Required when grant_type is authorization_code. Specifies the callback location where the authorization was sent. This value must match the redirect_uri used to generate the original authorization_code.
refresh_token Required when grant_type is refresh_token. The value is a valid refresh token that was returned from this endpoint previously.


  • From the Postman "Authentication" screen, ensure the Refresh Token URL value is set to
  • Click the "Get New Access Token" orange button found at the bottom of the page. You will be prompted to input your MediaValet library's user account credentials from the pop-up window that appears

  • Once successfully authenticated, click "Proceed" from the notification screen that appears in Postman and copy the value that appears in the refresh_token header as shown below:

  • Open a new tab in Postman and perform a POST request against with the following values configured

    • refresh_token = {This should be the value that was copied from the authentication header}
    • client_Id = Provided by MediaValet Support Team during setup
    • client_secret = Provided by MediaValet Support Team during setup
    • grant_type = refresh_token

      An example of this can be seen below:

  • In the response, you will then provided with a new Access_Token and refresh_token. The above steps can be completed continuously to provision new access tokens as needed to extend the lifespan of the authentication. 
Was this article helpful?
0 out of 1 found this helpful