article

There are times when your app or integration with RingCentral may not require the refresh_token as part of the oauth/token request while obtaining an access_token. When your app or integration doesn't require this refresh_token, you can easily disable it by setting the TTL (time to live) for the refresh_token_ttl to zero (0).

Requesting an access_token and generating a refresh_token:

POST /restapi/oauth/token HTTP/1.1
HOST:  https://platform.ringcentral.com
Content-Type: application/x-form-www/urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey + appSecret]

username=[ringCentralUsername]&password=[ringCentralPassword]&grant_type=password

Response generating a refresh_token:

{   "access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",   "token_type": "bearer",   "expires_in": 3599,   "refresh_token": "[REFRESH_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",   "refresh_token_expires_in": 604799,   "scope": "ReadCallLog",   "owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]" }

Requesting an access_token without generating a refresh_token:

POST /restapi/oauth/token HTTP/1.1
HOST: https://platform.ringcentral.com
Content-Type: application/x-form-www/urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey + appSecret]

username=[ringCentralUsername]&password=[ringCentralPassword]&refresh_token_ttl=0&grant_type=password

Response without generating a refresh_token:

{   "access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",   "token_type": "bearer",   "expires_in": 3599,   "scope": "ReadCallLog",   "owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]" }

An example use case for not needing the refresh token is for server-to-server applications where you already know the username and password for your application and can simply make a request once per hour to fetch a new token.