Requesting Access and Refresh Tokens

CSM returns a new Access and Refresh token and invalidates the Access and Refresh token that were previously in use.

Set the Token lifespan and the Refresh Token lifespan for each client ID when you obtain an API Client ID.

Make an HTTP POST call to the token operation to get an Access token. Pass data into the request body according to a specific authentication type.

The example below shows the response body for the internal authentication mode:

                                    {
  "access_token": "SampleAccessTokenValue",
  "token_type": "bearer",
  "expires_in": 1199,
  "refresh_token": "SampleRefreshTokenValue",
  "as:client_id": "SampleClientIdValue",
  "username": "Username",
  ".issued": "Mon, 17 June 2019 15:31:39 GMT",
  ".expires": "Mon, 17 June 2019 15:51:39 GMT"
}

Make an HTTP POST call to the token operation to get an Access token using a Refresh token.
Pass data into the request body:

Parameter Value

grant_type refresh_token

client_id as configured

refresh_token refresh token received with access token

Parameter	Value
grant_type	refresh_token
client_id	as configured
refresh_token	refresh token received with access token

CSM validates the client ID and Refresh token using the token store.

If the validation is successful, a new Access token and new Refresh token are returned.

                                        {
  "access_token": "SampleAccessTokenValue",
  "token_type": "bearer",
  "expires_in": 1199,
  "refresh_token": "SampleRefreshTokenValue",
  "as:client_id": "SampleClientIdValue",
  "username": "Username",
  ".issued": "Mon, 17 June 2019 20:31:39 GMT",
  ".expires": "Mon, 17 June 2019 20:51:39 GMT"
}

If the validation is unsuccessful, an error is returned.