Create/Refresh Access Token

Create or refresh an access token to make requests on behalf of a user. This endpoint is used to obtain an access_token and refresh_token for the first time, and to refresh the access_token when it expires.

Before you begin, you need to create an application in the Developer Dashboard to obtain a client_id and client_secret.

Create Access Token

Requests to PandaDoc API with the returned access_token can now be made on the user's behalf. Include access_token in every request header as follows: Authorization: Bearer <put your access_token here>. Each token comes with an expiration date (in seconds).

🚧

Invalid Grant?

If you receive an invalid grant response it is likely because you used the same code more than once from the Authorize a PandaDoc User step above. The code parameter is generated for one-time use. A new code value must be generated if you wish to change API users, permissions, or simply generate a new code value for the same PandaDoc user.

📘

expires_in

expires_in is based in seconds. Currently, a token expires in 31535999 seconds = 1 year.

Refresh Access Token

Eventually, access_token expires and accessing an API method returns 401 unauthorized. Your application needs to refresh the OAuth2 token with the stored refresh_token returned when initially creating an access token.

Once refreshed, calls on behalf of the originally authorized user can resume immediately. Use the newly returned access_token for all future API requests.

🚧

Invalid Grant?

If you receive an invalid grant response, it is likely because your refresh_token is invalid.