Using Refresh Token

To obtain a new pair of tokens in case the access token expires or becomes lost, a user sends the HTTP POST request with the refresh token in the request body to the api/oauth2/token endpoint. A successfully completed operation returns the 200 response code and a new pair of tokens in the response body.

Tip

If you lose the refresh token, you can log in again under the same user account and get a new pair of tokens.

Using Refresh TokenExample

To obtain an access token and a refresh token, a user sends the HTTP POST request to the api/oauth2/token endpoint.

In the body of the request, the user specifies the following parameters:

  • grantType — to refresh the token, it is required that the refreshToken value must be specified for this parameter.
  • refreshToken — the previously saved refresh token.

Request:

POST https://127.0.0.1/api/oauth2/token

 

 

Request Body:

grantType=RefreshToken&refreshToken=eyJhbGciOiJSUzUxMiIsImtpZCI6IjQ2MDU0QjExNTE3Njk0QzAxN0IyRTE2MTQyNURCRDM1QkNGNzY3NkQiLCJ0eXAiOiJKV1QifQ.eyJ1bmlxdWVfbmFtZSI6InVzZXIiLCJ0b2tlbl9pZCI6ImQ5ZDhiN2RlLWIwYjUtNDc1Yi04ZTE4LTU4ZGMzMzVmOWIzNSIsInNob3J0X3Rlcm1fZXhwaXJhdGlvbiI6IkZhbHNlIiwibmJmIjoxNTg2MjU1Mzc5LCJleHAiOjE1ODc0NjQ5NzksImlhdCI6MTU4NjI1NTM3OSwiYXVkIjoicmVmcmVzaCJ9.1R2vkCTmAx28mBg21vq61SYTzZN-wCLyG8SjL3iMofuhUKeZ2oRMNlOSTqZ7v-FxvMTXMIVXBw9WRDIjxMzr182K9E26UcblcUa0Gp8o0fNeCKF_pN0WwYx77Ewzedl9bUmY5rlseOjTU-dQNp-G51mGfn4dU4pEaCxFkX9NCGuJqr4Q9NedoyGXNW6PuAm8gwQnOQjLPWmCzkpaBGZMda41osPyq1bKIL6Be7cen1StTKjiU86OzM1sjIOgG3-hZnfKW5ZyO_fLb-nLeRrOuR65f9peJE3WgVFrmWm0MAtxvPCAq99Nutek2ssI2byNzxc1-hOeD-oZrwm-725G8g

The server sends a response in the following format.

Response:

200

Response Body:

{

 "access_token": "eyJhbGciOiJSUzUxMiIsImtpZCI6IjQ2MDU0QjExNTE3Njk0QzAxN0IyRTE2MTQyNURCRDM1QkNGNzY3NkQiLCJ0eXAiOiJKV1QifQ.eyJ1bmlxdWVfbmFtZSI6InVzZXIiLCJuYmYiOjE1ODYyNTU3ODMsImV4cCI6MTU4NjI1NjY4MywiaWF0IjoxNTg2MjU1NzgzLCJhdWQiOiJhY2Nlc3MifQ.nDUwV4M7kuiVSREsobaoE6GMw2kdxrktMGUcW1HtfGPUwdITUe13Cq3yinxIRwxJTT2axk8BrLen16vVC_CbCyqMStkssGP2HuGwaGMltyzcDYcsqF8qVdu9HwddpfOGE_VBP5i2fFeF4C8kqQ-xBPcwOUhZw_Tzr_tOXCHg5MKgYBm0K0JWyc11Dqd6wZEWakpKzDAIMFzkZV9O7jc-z7l5tll1QMEWVRgWDDdcZ7o_5zdZxpn-369VFvlNFxWpM2nsEMhU_iH17Y7P3taDDT56IQe--9T7te7XYiCH2Ob7cetICNf7PHkVMNVsVW9h0hAbCddcR1tbQM0UZW1OAQ",

 "refresh_token": "eyJhbGciOiJSUzUxMiIsImtpZCI6IjQ2MDU0QjExNTE3Njk0QzAxN0IyRTE2MTQyNURCRDM1QkNGNzY3NkQiLCJ0eXAiOiJKV1QifQ.eyJ1bmlxdWVfbmFtZSI6InVzZXIiLCJ0b2tlbl9pZCI6ImI5MjJhNGJiLTJmY2YtNGMwZi1hZGMxLTg2M2I4YzY1MzkxMiIsInNob3J0X3Rlcm1fZXhwaXJhdGlvbiI6IkZhbHNlIiwibmJmIjoxNTg2MjU1NzgzLCJleHAiOjE1ODc0NjUzODMsImlhdCI6MTU4NjI1NTc4MywiYXVkIjoicmVmcmVzaCJ9.0eOnjlaTEmJnFDvzf6BN2y87F1fYHYS3Fh9si5UVNsv_Ug6dmbirsqnLWJI_v-WEWZNl8FbFLKkT-2JB0iYIOkU_jlc4FIh1M9KCv3bLp_J5AJQ3GQM0hlu2IB4K4r5OOhQyOKT45KqNNAHv6TVjJzvQcwVWLlDFYMYybhnHI7Dcb9KHiOx8pHkJSzbozsqntyvhFtpgNqtMd3JHbRP1DdjVXnYeiLLxEmkGF-TDKNW-tlAb4-hYyxmOGfVtlSGluoSukfgL42fAp48EAnGcAfQK8m7KIudN-QmIj8VYZLSSAbqcr_8b54ZaGeIR-jVxEJ0-Cy-TOrQ3yDWzcZ1vjw",

 "accessTokenExpiresAt": "2022-11-01T13:43:43.7826152Z",

 "refreshTokenExpiresAt": "2022-11-02T13:13:43.7826277Z"

}

Page updated 1/4/2024

Page content applies to build 12.7.0.172