How Do I Use Access Tokens and Refresh Tokens?

This article explains how to use access tokens and refresh tokens when using Ashore’s API.

Ashore’s API enables you to customize your integration with Ashore and any software, proprietary or otherwise. You just need to have access to our API and the API of the other software you want to integrate with.

To access all possible endpoints of our API, click here.

In order to use any of our API endpoints, you must first understand how to use the access tokens and refresh tokens.

Ashore uses the oauth2 model, which means we change out tokens periodically.

When the access token expires, you will get access denied responses. When this occurs, you should be able to use the refresh token to get a new access token.

We explain how to use both types of tokens below.

Using an Access Token

For each authorized API call, you should set an “AccessToken” header and pass the received token value from the login response.

Example for GET /account API:

GET /account HTTP/1.1
AccessToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoidXNlcjoxIiwiZXhwIjoxNjcyMzM3MjI1LCJpc3MiOiJhc2hvcmVhcHAuY29tIiwiYXVkIjoiQXBpVXNlcnMifQ.5D6V_BJQAIG2hGP8saLJwi96ldpX99PQw4Adc1I57Y0

Refresh Your Access Token

Since Ashore’s access token is only valid for a specific amount of time, you can stay logged in by using /token/refresh.


POST /token/refresh HTTP/1.1
Content-Type: application/json



    "newToken": "value",
    "refreshToken": "value",
    "validTo": "2023-01-13T16:02:28.4090025Z"