Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Alphyo's avatar

[Newbie Question] How to refresh a token provided by a third party API?

Hi,

Another question related to the IGDB API (v4).

As written in the docs, after successfully creating the Client ID and the client secret,

"the response from this will be a json object containing the access token and the number of second until the token expires."

{ "access_token": "prau3ol6mg5glgek8m89ec2s9q5i3i", "expires_in": 5587808, "token_type": "bearer" }

Now, at the moment I stored these info in the services.php like this:

'igdb' => [ 'headers' => [ 'Client-ID' => env('IGDB_CLIENT_ID'), 'Authorization' => (env('IGDB_ACCESS_TOKEN')), ], 'endpoint' => 'https://api.igdb.com/v4/games',

and the tokens in the .env file like this:

IGDB_CLIENT_ID='aaaaaaaaaaaaaaaaaaaaaaaaaaaa' IGDB_ACCESS_TOKEN='aaaaaaaaaaaaaaaaaaaaaaaaa'

How should I proceed to refresh the tokens I need to fetch the API before they expire? Is a database needed? Is manually refreshing them doable?

0 likes
1 reply
tisuchi's avatar

@alphyo it's not written in the official documentation, however, generally, we pass grant_type=refresh_token to refresh API token. You can give a try this.

Here is a sample code-

POST /oauth/token HTTP/1.1
Host: authorization-server.com
 
grant_type=refresh_token
&refresh_token=xxxxxxxxxxx
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
1 like

Please or to participate in this conversation.