In the event that a refresh token or access token is denied by an HTTP 401 code, the access token request endpoint must be invoked with the following configuration:
•POST verb.
•Add parameters using the format:
"application/x-www-form-urlencoded".
•The "client_id" access credential must be sent in “Basic xxxxxx” format where the xxxxxx represent Base64 encoded values.
•Specify the "grant_type" parameter with "refresh_token" value.
•Specify the "refresh_token" parameter with the value obtained from the browser's localstorage.
Usage Example in Postman
•Authorization specification with user code.
•Specification of "grant_type", parameter sending format and refresh token value.
As a response, a new access token and the same refresh_token value are obtained.
Example of successful access token request:
{ "access_token": "eyJ.AIMUhTD7kJMi_EAchnsm7yguu4K2iOjTZFjBWcHd57bwcTeghfhfwh_aIYJhGOdCDwyIrkpmFtOOeW2VPG_9UGn2kRmEgLOAjqYJWXrVyjhs877k_cITkcvclAQnCh5TEkmhmE7IKgW1aK53XSP_M4xIOnxCugq4Qvi-2cWI152BWhLRkICgJ4Q", "refresh_token": "eyJraWQiO….4a4xGrq_6137hbsI53AgcPpbDAL6qC1-YfvuzOKYxtwqhieCQSflY9DnTDDVa-0Yy5lxeCfVGt1ra8pxLmhkzz_iaqoabqXprZIejKY9FJIhC0paMTV_w06YSgUh5XI0p3YayrLTjik1YayrLTjik1YayrLT3", "token_type": "Bearer", "expires_in": 86400 }
|
Example of failed access token request:
{ "errors": [ { "message": "Unauthorized", "attribute-name": "" }, { "message": "Invalid refresh token.", "attribute-name": "refresh_token" } ] } |
