Refresh Access Token for users and admins

JWTs have a limited life (5 days for app users, and about 110 days for data hub admins). You should monitor tokens for their remaining life and refresh them before they expire using this method.

For mobile apps, we recommend to use our LoginAuth Framework:
:point-right: iOS
:point-right: Android

When to use this call

AccessTokens have a limited live, and need to be refreshed periodically. Use this call to Receive a new AccessToken. AccessTokens are JSON Web Tokens (JWTs).

Best practices for handling tokens

API credentials consist of three parts: the Device token that identified the associated user, the Access Token (JWT), and finally a Refresh Token. Both the device token and the Access Token are routinely transmitted to the API for credentialling and are at risk to be compromised. The Refresh Token should only be transmitted twice: Once when issued, and then a second time when refreshing the Access Token.

Do RefreshTokens expire?

While Refresh Tokens do not expire themselves, they are associated with the Access Token. When you receive the new Access Token, you will also receive a new Refresh Token, which will have to be used with that new Access Token.

Click Try It! to start a request and see the response here!