> ## Documentation Index > Fetch the complete documentation index at: https://docs.whitebit.com/llms.txt > Use this file to discover all available pages before exploring further. # Refresh Token > Use a refresh token to obtain a new OAuth 2.0 access token without requiring user reauthorization. ## OpenAPI ````yaml openapi/oauth2.yaml POST /oauth2/refresh_token openapi: 3.0.3 info: title: OAuth 2.0 API Reference description: WhiteBIT OAuth 2.0 API for authentication and account management version: 1.0.0 servers: - url: https://whitebit.com description: WhiteBIT Global Server - url: https://whitebit.eu description: WhiteBIT EU Server security: [] tags: - name: Authentication description: > OAuth 2.0 authentication endpoints for obtaining and refreshing access tokens. Available Scopes (requested during client setup): - general: General API access - show.userinfo: Access to basic user information - users.read: Read user data - users.email.read: Read user email information - users.kyc.read: Information about whether a user has passed KYC verification - orders.read: Read trading orders - orders.create: Create trading orders - orders.delete: Delete trading orders - balances.read: Read account balances - markets.read: Read market information - deals.read: Read trading deals - orders_history.read: Read order history - users.transactions.read: Read user transactions - users.converts.read: Read currency conversion history - users.balances.read: Read user account balances - users.orders.read: Read user orders - users.deals.read: Read user deals - apikeys.create: Issue an OAuth-bound API key during the consent flow - apikeys.read: Read OAuth-issued API key state and retrieve its secret once - apikeys.delete: Delete an OAuth-issued API key linked to the partner - name: Account Endpoints description: >- Endpoints for retrieving account information, balances, and transaction history - name: OAuth API Keys description: > Partner-facing endpoints for managing API keys created via the OAuth API key flow. Available on the global server (`https://whitebit.com`) only. The EU server (`https://whitebit.eu`) does not expose these endpoints in this release. Required scopes: - `apikeys.read` for `GET /oauth2/api-key/info` and `GET /oauth2/api-key/{externalId}/secret` - `apikeys.delete` for `DELETE /oauth2/api-key/{externalId}` paths: /oauth2/refresh_token: post: tags: - Authentication summary: Refresh Token description: | This endpoint creates a new access token using a refresh token. **Request Headers:** - Content-Type: application/x-www-form-urlencoded **Important Notes:** - Refresh token duration is 600 seconds - Rate limit: 1 request per second - The IP of the client must be added to WB Allowlist requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object required: - client_id - client_secret - token properties: client_id: type: string description: The application's client ID example: YOUR_CLIENT_ID client_secret: type: string description: The application's client secret example: YOUR_CLIENT_SECRET token: type: string description: The refresh token received from the token endpoint example: REFRESH_TOKEN responses: '200': description: Successful token refresh content: application/json: schema: type: object properties: data: type: object properties: access_token: type: string description: The new access token for API requests example: NTBLZJKYNZETNJFIZC0ZNGM1LWJMYTMTODBJYZRKNWE2NMRM expires_in: type: integer description: Token expiration time in seconds example: 300 refresh_token: type: string description: New refresh token example: ODZMNMRHM2ETMZQZZI01OTQYLWEWMZATNWQ0NDYZNJBMOWUW scope: type: string description: Comma-separated list of granted scopes example: codes.apply,show.userinfo token_type: type: string description: Type of the token example: Bearer '400': description: Invalid token content: application/json: schema: type: object properties: data: type: object properties: token: type: array items: type: string example: - Invalid token. ````