Refresh Tokens

To let a client re-authenticate without sending the username and password again, refresh tokens are supported in the following way.

The authentication response includes, among other fields, the following:

    "auth": {
        "refreshTokenTtl": 604800,
        "refreshTokenCount": 0,
        "refreshToken": "8666B60EF5C908B6302F7E5D405FB50BA7ED75B0"
    }

The refresh token must be stored securely: it has a longer lifespan than a normal access token and can be used to retrieve a new access token.

The refresh token is valid for 7 days or 10 requests before expiring.

To generate a new access token from a refresh token, the following request can be used:

    curl -H "Content-Type: application/json" -d '{"mode":"refresh", "refreshToken": "F4A499F8878D417ABE49190FF978C2056F9D6DE5"}' -X POST ""

To revoke a valid refresh token, the mode parameter in the authentication endpoint can be set to "revoke":

    curl -H "Content-Type: application/json" -d '{"mode":"revoke", "refreshToken": "F4A499F8878D417ABE49190FF978C2056F9D6DE5"}' -X POST ""
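
One way a client could store the token with owner-only permissions, track the 7-day and 10-request limits, and build the refresh and revoke request bodies shown above. This is an added example, not part of the original documentation or the API's own code; the class name, the file layout and the `skew` margin are hypothetical, and it assumes the TTL runs from issuance and that `refreshTokenCount` is the number of refreshes already made.

```python
import json
import os
import time

MAX_USES = 10  # from the page: the token expires after 10 requests


class RefreshTokenState:
    """Client-side view of one refresh token (hypothetical helper, not an SDK)."""

    def __init__(self, auth, issued_at):
        self.token = auth["refreshToken"]
        self.ttl = int(auth["refreshTokenTtl"])  # seconds; 604800 = 7 days
        # Assumption: refreshTokenCount is the number of refreshes already made.
        self.uses = int(auth["refreshTokenCount"])
        self.issued_at = issued_at  # assumption: the TTL runs from issuance

    def usable(self, now=None, skew=60):
        """False once the TTL (minus a safety margin) or the use limit is reached."""
        now = time.time() if now is None else now
        return now < self.issued_at + self.ttl - skew and self.uses < MAX_USES

    def request_body(self, mode, now=None):
        """JSON body for the authentication endpoint; mode is refresh or revoke."""
        if mode not in ("refresh", "revoke"):
            raise ValueError("mode must be 'refresh' or 'revoke'")
        if mode == "refresh":
            if not self.usable(now):
                raise RuntimeError("refresh token exhausted; log in with credentials")
            self.uses += 1  # counted when the body is built, so the client errs low
        return json.dumps({"mode": mode, "refreshToken": self.token})

    def save(self, path):
        """Persist with owner-only permissions, even if the file already existed."""
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)  # O_CREAT's mode is ignored for a pre-existing file
        with os.fdopen(fd, "w") as fh:
            json.dump({"issued_at": self.issued_at, "auth": {
                "refreshToken": self.token, "refreshTokenTtl": self.ttl,
                "refreshTokenCount": self.uses}}, fh)

    @classmethod
    def load(cls, path):
        with open(path) as fh:
            data = json.load(fh)
        return cls(data["auth"], data["issued_at"])
```

Revocation is allowed even after the token is no longer usable for refresh, so a client can always send the revoke request on logout.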