Advanced Options

Applies to ReadyAPI 3.5, last modified on January 19, 2021

You use the advanced OAuth 2.0 settings to define how an access token should be handled.

OAuth 2.0 Advanced Options

Click the image to enlarge it.

There are three settings: one of them relates to sending requests, the others relate to refreshing the access token.

Send Access Token As

The Send Access Token option defines where the access token is sent.

Send Access Token
Option Description Example

The access token is sent as the request header.

Authorization: Bearer rRR0GnTudjuUUGaSt0n

The access token is sent as a query parameter.{userId}?access_token=rRR0GnTudjuUUGaSt0n

Refresh Access Token

By default, this option is set to Automatic, which means the tokens are refreshed automatically and transparently. If you need tokens to time out, you can set the option to Manual.

Note: The server must provide the refresh token to ReadyAPI. If the server does not provide the token, retrieve the access token again to update it.
Option Description

The refresh token is used automatically.


The token has to be applied manually.

When the Refresh Access Token option is set to Manual, the Refresh button that is next to the token becomes active.

Manual Refresh

To use the refresh token and update your access token, click Refresh.

Access Token Expiration Time

The Access Token Expiration Time option defines the expiration time for the access token. You can use the expiration time provided by the server, or you can specify the time you need manually.

Note: The 0 value indicates that the token will never expire. There is no setting for immediate expiration of the token.
Option Description

The expiration time provided by the authorization server is used.


The token will expire after the specified number of seconds, minutes, or hours elapse.

See Also

Automating Token Retrieval
OAuth 2.0 Grant Types
OpenID Connect Grant Types
About OAuth 2.0
OAuth 2.0 and OAuth 2.0 (Azure)

Highlight search results