There are times when your app or integration with RingCentral may not require the refresh_token as part of the oauth/token request while obtaining an access_token. When your app or integration doesn't require this refresh_token, you can easily disable it by setting the TTL (time to live) for the refresh_token_ttl to zero (0).
Requesting an access_token and generating a refresh_token:
POST /restapi/oauth/token HTTP/1.1
HOST: https://platform.ringcentral.com
Content-Type: application/x-form-www/urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey + appSecret]
username=[ringCentralUsername]&password=[ringCentralPassword]&grant_type=password
Response generating a refresh_token:
{ "access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]", "token_type": "bearer", "expires_in": 3599, "refresh_token": "[REFRESH_TOKEN_HIDDEN_FOR_SECURITY_REASONS]", "refresh_token_expires_in": 604799, "scope": "ReadCallLog", "owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]" }
Requesting an access_token without generating a refresh_token:
POST /restapi/oauth/token HTTP/1.1
HOST: https://platform.ringcentral.com
Content-Type: application/x-form-www/urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey + appSecret]
username=[ringCentralUsername]&password=[ringCentralPassword]&refresh_token_ttl=0&grant_type=password
Response without generating a refresh_token:
{ "access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]", "token_type": "bearer", "expires_in": 3599, "scope": "ReadCallLog", "owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]" }
An example use case for not needing the refresh token is for server-to-server applications where you already know the username and password for your application and can simply make a request once per hour to fetch a new token.
