Refresh token will not work if you are trying to use it as an access token when making an api call. I would review RFC 6749: The OAuth 2.0 Authorization Framework for getting authorization and making api calls using an access token. You can also look at RFC 6749: The OAuth 2.0 Authorization Framework for using the refresh token to “refresh” your access token. Keap REST API explains how all this works with Infusionsoft. Hopefully that makes sense. Also @John_Borelli has a video I am sure he can post here explaining it all.