# MD for: https://www.mercadopago.com.br/developers/pt/docs/subscriptions/additional-content/security/oauth/renewal.md

\# Renew Access Token The \*\*Refresh token\*\* flow is used to exchange a \*\*temporary grants\*\* of type \`refresh\_token\` for an Access Token when the current Access Token\*\*is close to expiry\*\*. The Access Token received through the endpoint is \*\*valid for 180 days\*\*, after which the entire authorization flow must be reconfigured. Additionally, the flow allows you to continue using a valid Access Token with the same characteristics as the original token without the need for a new interaction with the user. By performing this flow, the original token is exchanged for a new one which also offers the ability to limit scopes by returning a new refresh token for future exchange. > WARNING > > Important > > This flow can only be used if the application return the \`scope\` parameter indicating the value \`offline\_access\` and the vendor has previously authorized this action through the Authorization code flow. Follow the steps below to renew the \*\*Access Token\*\*. 1\. Send the \`refresh\_token\` code, your \[credentials\](https://www.mercadopago.com.br/developers/en/docs/your-integrations/credentials), and the \`authorization\_code\` (see \[Creation\](https://www.mercadopago.com.br/developers/en/docs/security/oauth/creation#bookmark\_authorization\_code)) to the \[/oauth/token\](https://www.mercadopago.com.br/developers/en/reference/authentication/oauth/\_oauth\_token/post) endpoint with the \`refresh\_token\` code in the \`grant\_type\` string to receive a new response with a new \`access\_token\` and a new \`refresh\_token\`. 2\. Update the application with the Access Token received in the response. > WARNING > > Important > > Remember that every time you refresh the \`access\_token\`, the \`refresh\_token\` will also be refreshed, so you will need to store it again. 

* [curl ](#editor%5F4)
* [java ](#editor%5F2)
* [node ](#editor%5F3)
* [php ](#editor%5F1)
php java node curl 

```
<?php
  $client = new OauthClient();
  $request = new OAuthRefreshRequest();
  $request->client_secret = "CLIENT_SECRET";
  $request->client_id = "CLIENT_ID";
  $request->refresh_token = "REFRESH_TOKEN";

  $client->refresh($request);
?>
```

Copiar 

```
OauthClient client = new OauthClient();

String refreshtoken = "TG-XXXXXXXX-241983636";
client.createCredential(refreshtoken, null);
```

Copiar 

```
const client = new MercadoPagoConfig({ accessToken: 'access_token', options: { timeout: 5000 } });

const oauth = new OAuth(client);

oauth.refresh({
	'client_secret': 'your-client-secret',
	'client_id': 'your-client-id',
	'refresh_token': 'refresh-token'
}).then((result) => console.log(result))
	.catch((error) => console.log(error));
```

Copiar 

```
curl -X POST \
'https://api.mercadopago.com/oauth/token'\
-H 'Content-Type: application/json' \
-d '{
 "client_id": "client_id",
 "client_secret": "client_secret",
 "grant_type": "refresh_token",
 "refresh_token": "TG-XXXXXXXX-241983636"
}'
```

Copiar