Sonos Developer

Make a POST request to /login/v3/oauth/access to obtain a new access_token from a refresh_token. This requires a client ID and secret. Be sure to pass your client_id and secret to Sonos securely. See Authorize for details.

POST body request parameters

Use the following request parameters in the body. Sonos requires these, unless otherwise stated in the description.

Name	Description
`refresh_token`	The refresh token for which you are requesting an `access_token`.
`grant_type`	The type of access token requested. The value must be `refresh_token`.

Response parameters

Sonos sends the following response parameters.

Name	Description
`access_token`	The token you can use to access the protected resources.
`token_type`	The type of token. The Sonos authorization server only supports a `token_type` of `Bearer`.
`refresh_token`	The token that you can use to obtain a new access token if the current access token has expired.
`expires_in`	The time in seconds for which the token will be valid.
`scope`	The allowed scope for the issued token.

Error responses

You may receive the following error response from Sonos.

Response code	Error message	Description
400 Bad Request	invalid_request	Invalid refresh token.
400 Bad Request	invalid_grant	Missing `grant_type` parameter.
401 Unauthorized	invalid_client	Failed to get client credentials. This occurs when `client_id` or `secret` parameters are missing.
401 Unauthorized	Authentication required	`client id` or `secret` parameters aren’t valid.

Sample requests

Here’s an example of a generic request:

POST /login/v3/oauth/access HTTP/1.1
Host: api.sonos.com
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Authorization: Basic {base64 encoded client_id:client_secret}
 
grant_type=refresh_token&refresh_token={refresh_token}

POST /login/v3/oauth/access HTTP/1.1

Host: api.sonos.com

Content-Type: application/x-www-form-urlencoded;charset=utf-8

Authorization: Basic {base64 encoded client_id:client_secret}

grant_type=refresh_token&refresh_token={refresh_token}

Here’s an example with some sample data:

POST /login/v3/oauth/access HTTP/1.1
Host: api.sonos.com
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Authorization: Basic ZTI4YTVkOGQtYTc5OS00MDgxLTlhMGItYjdhZGUxZDgyYjVkOmI3OTRjY2Y3LTM5NTctNDkzNi1hOGRjLTgwYmExMGZjNTAzNQ==
 
grant_type=refresh_token&refresh_token=edaf29a4-1385-43bf-9670-dc3fc57d9003

POST /login/v3/oauth/access HTTP/1.1

Host: api.sonos.com

Content-Type: application/x-www-form-urlencoded;charset=utf-8

Authorization: Basic ZTI4YTVkOGQtYTc5OS00MDgxLTlhMGItYjdhZGUxZDgyYjVkOmI3OTRjY2Y3LTM5NTctNDkzNi1hOGRjLTgwYmExMGZjNTAzNQ==

grant_type=refresh_token&refresh_token=edaf29a4-1385-43bf-9670-dc3fc57d9003

Here’s an example using curl:

curl -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "Authorization: Basic ZTI4YTVkOGQtYTc5OS00MDgxLTlhMGItYjdhZGUxZDgyYjVkOmI3OTRjY2Y3LTM5NTctNDkzNi1hOGRjLTgwYmExMGZjNTAzNQ==" \
"https://api.sonos.com/login/v3/oauth/access" \
-d "grant_type=refresh_token&refresh_token=edaf29a4-1385-43bf-9670-dc3fc57d9003" -X POST

curl -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \

-H "Authorization: Basic ZTI4YTVkOGQtYTc5OS00MDgxLTlhMGItYjdhZGUxZDgyYjVkOmI3OTRjY2Y3LTM5NTctNDkzNi1hOGRjLTgwYmExMGZjNTAzNQ==" \

"https://api.sonos.com/login/v3/oauth/access" \

-d "grant_type=refresh_token&refresh_token=edaf29a4-1385-43bf-9670-dc3fc57d9003" -X POST

Sample response

Here’s a sample response:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
   "access_token":"16e515cc-7018-4f34-aa99-be1b9db3331b",
   "token_type":"Bearer",
   "expires_in":3600,
   "refresh_token":"e10de676-06e2-4239-8522-45c3009b3e38",
   "scope":"test"
}

HTTP/1.1 200 OK

Content-Type: application/json;charset=UTF-8

Cache-Control: no-store

Pragma: no-cache

{

"access_token":"16e515cc-7018-4f34-aa99-be1b9db3331b",

"token_type":"Bearer",

"expires_in":3600,

"refresh_token":"e10de676-06e2-4239-8522-45c3009b3e38",

"scope":"test"

}