Access Token and Refresh Token

Access Token and Refresh Token


Most of the beginners is confused about many topics when they are in the coding journey. and backend development is the most interesting and sometime difficult.

when we enter into backend development some basic concept is required like basic networking, basics of operating system, basic of database etc.

In the backend development journey, it's important to know about Authentication. and when talk about authentication, here is a most important concept which is Token. and we have basically use two type of token is our authentication.

  • Access Token

  • Refresh Token


Before we know about access token and refresh token, let's quickly know disadvantages of If I not using Token's.

If we do not use Token's: -

In simple if we do not use token's then we definitely face multiple issues like: -

  • Security issues.

  • User experience disturb.

  • more load on authentication server.

  • performance impact.

So, in this reasons Token's is very useful to Increase or optimize user experience. let's go and look the details about access token and refresh token.

Access Token: -

Access token is like digital keys that grant authorized access to specific resources without revealing your actual credentials.

Imagine you install an app your mobile and register with your email and password. when you register then you have assigned a secret digital key (Access Token). and when you want to do an activity in the app then app server verify you using your secret digital key (Access Token), and when user is a valid user, then app is proceeded you to specific activity which you want.

Refresh Token: -

Imagine you login the same app after two-three days app is logout automatically because Access token is short-lived (minutes-hours). after access token expired app required your email and password to verify you. This condition is irritating for a user.

So, Refresh Token solve this situation. when you registered the app, you have assigned a Refresh token equally Access token. when access token expired then refresh token request a new access token from the server. and server verifies the refresh token and send a new access token without your credentials.

Because of the refresh token user logged in without frequent interruptions.


I think access token and refresh token is the best way to provide a user to seamless experience. as a backend developer we must be know about access token and refresh token.

Did you find this article valuable?

Support DRLOV by becoming a sponsor. Any amount is appreciated!