Getting a Refresh Token

This guide covers the OAuth 2.0 refresh token mechanism.


This guide walks you through the steps of refreshing an access token for making RESTful API calls to ProcessMaker. Access tokens typically have a limited lifespan, and once they expire, they need to be refreshed using a refresh token. This guide assumes you already have a refresh token. If not, refer to the "How to Get an Access Token" guide.

Client Application

pageCreating a Client Application

Choose Your Tutorial

Step 1: Install Necessary Python Dependencies

Before starting, ensure you have the necessary Python libraries installed. You'll need requests for making HTTP requests.

You can install it via pip:

pip install requests

Step 2: Refreshing the Access Token

Use the following Python code to refresh your access token:

import requests

# Define the token endpoint
token_url = "https://<your-instance>"

# Define the payload
payload = {
    "grant_type": "refresh_token",
    "refresh_token": "<your-refresh-token>",
    "client_id": "<your-client-id>",
    "client_secret": "<your-client-secret>"

# Make the POST request
response =, data=payload)
token_info = response.json()

# Print the new access token
print(f'New Access Token: {token_info["access_token"]}')

Don't forget!


  • <your-instance> with your actual ProcessMaker instance URL.

  • <your-refresh-token> with the refresh token you received when you first obtained your access token.

  • <your-client-id> and <your-client-secret> with the client ID and secret of your application.

Step 3: Review the Response

After executing the script, you should receive a new access token and possibly a new refresh token. Store these securely, as you'll need the access token for future API requests and the refresh token for future token refreshes.


Refreshing your access token is an essential step in maintaining uninterrupted access to the ProcessMaker API. By using Python and the requests library, you can easily and efficiently refresh your token. Always ensure you handle your tokens securely, as they are vital for maintaining secure communication with the API.

Last updated