CSM
returns a new Access and Refresh token and invalidates the Access and Refresh
token that were previously in use.
Set the Token lifespan and the Refresh Token lifespan for each client
ID when you obtain an API Client ID.
- Make an HTTP POST call to the token operation to get an Access
token. Pass data into the request body according to a specific authentication
type.
The example below shows the response body for the internal
authentication mode:
{
"access_token": "SampleAccessTokenValue",
"token_type": "bearer",
"expires_in": 1199,
"refresh_token": "SampleRefreshTokenValue",
"as:client_id": "SampleClientIdValue",
"username": "Username",
".issued": "Mon, 17 June 2019 15:31:39 GMT",
".expires": "Mon, 17 June 2019 15:51:39 GMT"
}
- Make an HTTP POST call to the token operation to get an Access
token using a Refresh token.
- Pass data into the request body:
grant_type
|
refresh_token
|
client_id
|
as configured
|
refresh_token
|
refresh token received with access
token
|
- CSM
validates the client ID and Refresh token using the token store.
If the validation is successful, a new Access token and new
Refresh token are returned.
{
"access_token": "SampleAccessTokenValue",
"token_type": "bearer",
"expires_in": 1199,
"refresh_token": "SampleRefreshTokenValue",
"as:client_id": "SampleClientIdValue",
"username": "Username",
".issued": "Mon, 17 June 2019 20:31:39 GMT",
".expires": "Mon, 17 June 2019 20:51:39 GMT"
}
If
the validation is unsuccessful, an error is returned.