Refresh YDN Access Token

Since access tokens expire after one hour, you must obtain a new access token periodically.

Best Practices

Key points to consider when working with refresh tokens:

  • Refresh tokens do not expire. They can only be invalidated explicitly by the user.

  • As a best practice, immediately capture the refresh token after using it to get a new access token. It may change, and when it does you should use the new one.

  • If you change your password, the existing refresh token should continue to work. A new refresh token will not be issued and you won’t need to request user consent and restart the OAuth flow.

Generate New Access Tokens

To obtain a new access token, send a request to the YDN authorization server specifying your ENCODED(CLIENT_ID:CLIENT_SECRET) and REFRESH_TOKEN.

  1. Run the following cURL command using your refresh_token.

  • Substitute your ENCODED(CLIENT_ID:CLIENT_SECRET) for the <<ENCODED(CLIENT_ID:CLIENT_SECRET)>> placeholder.

  • Substitute your REFRESH_TOKEN for the <<REFRESH_TOKEN>> placeholder.

curl "" \
   -X POST \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -H "Authorization: Basic <<ENCODED<CLIENT_ID:CLIENT_SECRET>>>" \
   -d 'grant_type=refresh_token&redirect_uri=oob&refresh_token=<<REFRESH_TOKEN>>'

The YDN authorization server returns the JSON response.

  1. Copy and save the value of the refresh token in the response. You will need it to regenerate the OAUTH access tokens which do have a lifetime of 1 hour.

Response Fields

A successful response contains the following fields:




The access token signed by Yahoo. Use this token to access Yahoo DSP API. This token has a 1-hour lifetime.


Identifies the type of token returned. At this time, this field always has the value bearer.


The access token lifetime in seconds.


The refresh token that you can use to acquire a new access token after the current one expires. For details on how, see Refreshing an Access Token in RFC 6749.


The GUID of the Yahoo user.