For all Health Data API services, an authorization token input parameter called
access_token is mandatory so that Withings platform can attest that the partner is allowed to access the program member's data.
Using your authorization code
refresh_token are obtained by using the authorization
code you obtained on the previous step of this guide to call the getaccesstoken webservice. In result of calling this webservice, you will obtain an
access_token and a
Access and refresh tokens
access_tokenis always provided with a
refresh_tokenmust only be used to request a new
access_tokenonce it has expired.
- When your
access_tokenhas expired, you can use your
refresh_tokento get a new
access_tokenusing the requesttoken webservice.
- When retrieving a new
refresh_tokenis also provided and you have to overwrite your current
refresh_tokenwith the new one.
access_token expires after 3 hours.
refresh_token expires after a year.
When you request new
refresh_token, the former
refresh_token stops being valid after 8 hours, or as soon as the new
access_token is used. This is a safety net in case you were not able to store the new
refresh_token after requesting them.