Create or refresh an access token to make requests on behalf of a user. This endpoint is used to obtain an access_token and refresh_token for the first time, and to refresh the access_token when it expires.
Before you begin, you need to create an application in the Developer Dashboard to obtain a
client_idandclient_secret.
Create Access Token
Requests to PandaDoc API with the returned access_token can now be made on the user's behalf. Include access_token in every request header as follows: Authorization: Bearer <put your access_token here>. Each token comes with an expiration date (in seconds).
Invalid Grant?
If you receive an invalid grant response it is likely because you used the same code more than once from the Authorize a PandaDoc User step above. The code parameter is generated for one-time use. A new code value must be generated if you wish to change API users, permissions, or simply generate a new code value for the same PandaDoc user.
expires_in
expires_in is based in seconds. Currently, a token expires in 31535999 seconds = 1 year.
Refresh Access Token
Eventually, access_token expires and accessing an API method returns 401 unauthorized. Your application needs to refresh the OAuth2 token with the stored refresh_token returned when initially creating an access token.
Once refreshed, calls on behalf of the originally authorized user can resume immediately. Use the newly returned access_token for all future API requests.
Invalid Grant?
If you receive an invalid grant response, it is likely because your refresh_token is invalid.