Get Access Token By API Refresh Token
DescriptionThe end-point is for exchanging organization scoped API-tokens only, that are obtained from the CSP web console.
1. Including the api_token parameter using the application/x-www-form-urlencoded format in the HTTP request body.
2. DEPRECATED: Passing the refresh_token param name, need to use api_token
3. DEPRECATED: Passing the refresh_token via query param
Access Policy
| Role | User Accounts | Service Accounts (Client Credentials Applications) |
|---|---|---|
| Anonymous | ✔️ | ✔️ |
Request
URLURL
Request Body
The application/x-www-form-urlencoded form data type.
{
"api_token": "string",
"passcode": "string",
"refresh_token": "string"
}
The value of the API token.
The multi-factor authentication passcode from the registered multi-factor authentication (MFA) device.
Deprecated, need to use api_token
Authentication
Response
Response BodyResponse Body
200 OK
{
"access_token": "string",
"expires_in": 0,
"id_token": "string",
"refresh_token": "string",
"scope": "string",
"token_type": "string"
}
The access token. This is a JWT token that grants access to resources.
Access token expiration in seconds.
The ID Token is a signed JWT token returned from the authorization server and contains the user’s profile information, including the domain of the identity provider. This domain is used to obtain the identity provider URL. This token is used for optimization so the application can know the identity of the user, without having to make any additional network requests. This token can be generated via the Authorization Code flow only.
The value of the Refresh token.
The scope of access needed for the token
The type of the token.
Errors
Invalid request body | In case of expired refresh_token.
The requested resource could not be found
The request could not be processed due to a conflict
The user has sent too many requests
An unexpected error has occurred while processing the request
Code Samples
cURL Command
Vendor Extensions
x-required-roles: ""
x-slo-tier: TIER1
