SAP Knowledge Base Article - Public

3375876 - How Refresh Token Works


Refresh token is not working after 5 minutes.



Reproducing the Issue

  1. Generate an access token and a refresh token in Postman;
  2. Use the access token to run the API for 5 minutes;
  3. Use the refresh token to generate another access token to extend the 5-minute limit;
  4. The newly generated access token is valid for only another 5 minutes, not 20 minutes.


This is the expected behavior of the refresh token feature.


An access token (access_token) grants 5 minutes of access to CPQ for executing API calls. After 5 minutes, the access_token is no longer valid and must be generated again. This can be done in one of two ways:

  1. Using username and password: the grant_type for the token generation call must be set to "password"; in this case, the username and password must be supplied as user details.

  2. Using the refresh token: the grant_type for the token generation call should be set to "refresh_token"; in this case the username and password should not be sent, and the user instead supplies the value of the refresh_token they received (the refresh_token MUST NOT be older than 20 minutes). The result of this operation is a NEW pair of access and refresh tokens, which grants 5 minutes of access to CPQ. A refresh token can be used ONLY ONCE (OAuth 2.0 token rotation principle). If more than 20 minutes have elapsed, the first approach must be used.

Each refresh grants 5 minutes of access to CPQ. Users have a time frame of 20 minutes in which to use the refresh token if they do not wish to send username and password data every time to establish a new session.
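
The following is an added example, not part of the SAP article and not SAP's own code: a client-side token manager that applies the 5-minute and 20-minute lifetimes and the single-use rotation described above. The `request_token` callable, the dictionary shape of its response, and the simulated endpoint are assumptions made for illustration; no real CPQ URL is used.

```python
import time
from dataclasses import dataclass

ACCESS_TTL = 5 * 60     # access_token lifetime stated in the article (seconds)
REFRESH_TTL = 20 * 60   # maximum refresh_token age stated in the article (seconds)

@dataclass
class TokenPair:
    access_token: str
    refresh_token: str
    issued_at: float

class TokenManager:
    """Picks the grant_type for each token call and keeps only the newest pair."""
    def __init__(self, request_token, username, password, clock=time.monotonic):
        self.request_token = request_token  # hypothetical callable: params dict -> response dict
        self.username, self.password = username, password
        self.clock = clock
        self.pair = None

    def access_token(self):
        age = self.clock() - self.pair.issued_at if self.pair else None
        if age is not None and age < ACCESS_TTL:
            return self.pair.access_token           # still valid, no token call needed
        if age is not None and age < REFRESH_TTL:
            params = {"grant_type": "refresh_token",
                      "refresh_token": self.pair.refresh_token}
        else:                                       # no pair yet, or refresh token too old
            params = {"grant_type": "password",
                      "username": self.username, "password": self.password}
        self.pair = None                            # single use: never resend this refresh token
        resp = self.request_token(params)           # assumed to return both new tokens
        self.pair = TokenPair(resp["access_token"], resp["refresh_token"], self.clock())
        return self.pair.access_token

def simulate(call_times):
    """Constructed demo: fake clock and fake token endpoint, runs offline."""
    now, log = [0.0], []
    def fake_endpoint(params):
        log.append((params["grant_type"], params.get("refresh_token")))
        n = len(log)
        return {"access_token": f"at{n}", "refresh_token": f"rt{n}"}
    mgr = TokenManager(fake_endpoint, "user", "secret", clock=lambda: now[0])
    for t in call_times:
        now[0] = t
        mgr.access_token()
    return log  # one (grant_type, refresh_token sent) entry per token call made

if __name__ == "__main__":
    print(simulate([0, 60, 301, 602, 1900]))
```

The returned log shows that each refresh sends the refresh token from the most recent response, and that a gap of more than 20 minutes falls back to the password grant.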


Token, Refresh Token, Postman, CPQ, Access Token, KBA, CEC-SAL-CPQ, Sales Cloud CPQ, Bug Filed


SAP CPQ 2023