Sample code for 30+ languages & platforms
PureBasic

Refresh a Xero OAuth2 Access Token

See more Xero Examples

Refreshes a Xero OAuth2 access token. When an access token expires (after 1 hour), you will received a 401 status code indicating failure. When that happens, your application can run this code to refresh the access token, and then retry the request using the new access token. Refreshing an access token does not need user interaction (i.e. does not need to display a browser to have the user interactive authorize access).

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkOAuth2.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; It is assumed we previously obtained an OAuth2 access token.
    ; This example loads the JSON access token file 
    ; saved by this example: Get Xero OAuth2 Access Token

    jsonToken.i = CkJsonObject::ckCreate()
    If jsonToken.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkJsonObject::ckLoadFile(jsonToken,"qa_data/tokens/xero-access-token.json")
    If success <> 1
        Debug "Failed to load xero-access-token.json"
        CkJsonObject::ckDispose(jsonToken)
        ProcedureReturn
    EndIf

    ; The access token JSON looks like this:

    ; {
    ;   "id_token": "eyJhbGci...dqRs3MctS_g",
    ;   "access_token": "eyJhbGci...sUoAhoQ",
    ;   "expires_in": 1800,
    ;   "token_type": "Bearer",
    ;   "refresh_token": "2f77b...bfc2ee16f",
    ;   "scope": "openid profile email accounting.transactions accounting.settings payroll.employees offline_access"
    ; }

    oauth2.i = CkOAuth2::ckCreate()
    If oauth2.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkOAuth2::setCkTokenEndpoint(oauth2, "https://identity.xero.com/connect/token")

    ; Replace these with actual values.
    CkOAuth2::setCkClientId(oauth2, "XERO_APP_OAUTH2_CLIENT_ID")
    CkOAuth2::setCkClientSecret(oauth2, "XERO_APP_OAUTH2_CLIENT_SECRET")
    CkOAuth2::setCkUseBasicAuth(oauth2, 1)

    ; Get the "refresh_token"
    CkOAuth2::setCkRefreshToken(oauth2, CkJsonObject::ckStringOf(jsonToken,"refresh_token"))

    ; Send the HTTP POST to refresh the access token..
    success = CkOAuth2::ckRefreshAccessToken(oauth2)
    If success <> 1
        Debug CkOAuth2::ckLastErrorText(oauth2)
        CkJsonObject::ckDispose(jsonToken)
        CkOAuth2::ckDispose(oauth2)
        ProcedureReturn
    EndIf

    Debug CkOAuth2::ckAccessTokenResponse(oauth2)

    ; The response contains a new access token and refresh token.
    ; Update the JSON and re-save to the token file.
    CkJsonObject::ckUpdateString(jsonToken,"access_token",CkOAuth2::ckAccessToken(oauth2))
    CkJsonObject::ckUpdateString(jsonToken,"refresh_token",CkOAuth2::ckRefreshToken(oauth2))

    ; Save the new JSON access token response to a file.
    sbJson.i = CkStringBuilder::ckCreate()
    If sbJson.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkJsonObject::setCkEmitCompact(jsonToken, 0)
    CkJsonObject::ckEmitSb(jsonToken,sbJson)
    CkStringBuilder::ckWriteFile(sbJson,"qa_data/tokens/xero-access-token.json","utf-8",0)

    Debug "OAuth2 authorization granted!"
    Debug "New Access Token = " + CkOAuth2::ckAccessToken(oauth2)


    CkJsonObject::ckDispose(jsonToken)
    CkOAuth2::ckDispose(oauth2)
    CkStringBuilder::ckDispose(sbJson)


    ProcedureReturn
EndProcedure