Requesting Access and Refresh Tokens

CSM returns a new Access token and a new Refresh token, and invalidates the Access and Refresh tokens that were previously in use.

Set the Token lifespan and the Refresh Token lifespan for each client ID when you obtain an API Client ID.

  1. Make an HTTP POST call to the token operation to get an Access token. Pass data into the request body according to a specific authentication type.

    The example below shows the response body for the internal authentication mode:

    {
      "access_token": "SampleAccessTokenValue",
      "token_type": "bearer",
      "expires_in": 1199,
      "refresh_token": "SampleRefreshTokenValue",
      "as:client_id": "SampleClientIdValue",
      "username": "Username",
      ".issued": "Mon, 17 June 2019 15:31:39 GMT",
      ".expires": "Mon, 17 June 2019 15:51:39 GMT"
    }
  2. Make an HTTP POST call to the token operation to get an Access token using a Refresh token.
  3. Pass data into the request body:
    Parameter      Value
    grant_type     refresh_token
    client_id      as configured
    refresh_token  refresh token received with access token
  4. CSM validates the client ID and Refresh token using the token store.

    If the validation is successful, a new Access token and new Refresh token are returned.

    {
      "access_token": "SampleAccessTokenValue",
      "token_type": "bearer",
      "expires_in": 1199,
      "refresh_token": "SampleRefreshTokenValue",
      "as:client_id": "SampleClientIdValue",
      "username": "Username",
      ".issued": "Mon, 17 June 2019 20:31:39 GMT",
      ".expires": "Mon, 17 June 2019 20:51:39 GMT"
    }

    If the validation is unsuccessful, an error is returned.
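
Because each refresh invalidates the previous pair, a client has to replace both stored tokens together every time it refreshes. The sketch below is an added example, not code from the CSM documentation: the `post` transport callable, the 30-second `skew` margin, the `FakeTokenStore` stand-in and its `PermissionError` are assumptions made so it runs offline.

```python
import time

class TokenSession:
    """Client-side holder for the current token pair; replaces both on refresh."""
    def __init__(self, client_id, post, clock=time.time, skew=30):
        self.client_id = client_id
        self._post = post    # assumed transport: body fields (dict) -> parsed JSON (dict)
        self._clock = clock
        self._skew = skew    # assumed margin: refresh this many seconds before expiry
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def store(self, body):
        # Check the response before overwriting, so a malformed reply cannot
        # leave the session holding half of a pair.
        missing = [k for k in ("access_token", "refresh_token", "expires_in") if k not in body]
        if missing:
            raise ValueError(f"token response missing {missing}")
        self.access_token = body["access_token"]
        self.refresh_token = body["refresh_token"]  # the previous value is now invalid
        self.expires_at = self._clock() + int(body["expires_in"])

    def refresh(self):
        self.store(self._post({"grant_type": "refresh_token",
                               "client_id": self.client_id,
                               "refresh_token": self.refresh_token}))

    def bearer(self):
        if self._clock() >= self.expires_at - self._skew:
            self.refresh()
        return self.access_token

class FakeTokenStore:
    """Constructed stand-in for the token operation, used so the example runs offline."""
    def __init__(self, client_id):
        self.client_id, self.count, self.current = client_id, 0, None

    def issue(self):
        self.count += 1
        self.current = f"refresh-{self.count}"
        return {"access_token": f"access-{self.count}", "token_type": "bearer",
                "expires_in": 1199, "refresh_token": self.current}

    def post(self, fields):
        expected = {"grant_type": "refresh_token", "client_id": self.client_id,
                    "refresh_token": self.current}
        if fields != expected:
            raise PermissionError("validation failed")  # constructed error shape
        return self.issue()
```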