Refresh Token

The refresh token functionality allows a client to get the next access token without providing user credentials again. In the initial call the client provides its client credentials together with the username and password, and in return receives a long-lived refresh_token which may be used to obtain multiple access tokens.

How to use

  • Obtaining an access token always returns a refresh_token as well (the refresh_token stays the same unless it would expire before the current access_token).

    example request:

    curl -X POST "APIENDPOINT/auth/6/app" -H  "Content-Type: application/json" -d "{  \"client_id\": \"c01234567890abcdefghijklm_c01234567890abcdefghijklm\",  \"client_secret\": \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\",  \"username\": \"user@company.co\",  \"password\": \"12345678\"}"

    example response:

    {
        "_TOKEN": "eyJhbGciOiJSUzI1NiJ9.$PAYLOAD.$SIGNATURE",
        "_APPLICATION": "c1234567890abcdefghijklmn_c1234567890abcdefghijklmn",
        "_IDENTITY": "user@company.co",
        "_IDENTITY_ID": "c1234567890abcdefghijklmn_c1234567890abcdefghijklmn",
        "expires-at": 1577711870081,
        "refresh-token": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD",
        "type": "Bearer"
    }
  • Obtaining a token using the refresh_token

    example request:

    curl -X POST "APIENDPOINT/auth/6/refresh" -H  "Content-Type: application/json" -d "{  \"client_id\": \"c01234567890abcdefghijklm_c01234567890abcdefghijklm\",  \"client_secret\": \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\",  \"refresh_token\": \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\"}"

    example response:

    {
        "_TOKEN": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1ODg5MjY5OTcsInN1YiI6ImlkZW50aXR5SWQiLCJkYXRhIjp7InRlYW1zIjpbInRlYW1JZDEsIHRlYW1JZDIiXSwiZGVmYXVsdC1zY29wZSI6ImRlZmF1bHRTY29wZUlkIiwib3JnYW5pemF0aW9uIjoib3JnYW5pemF0aW9uSWQiLCJfQVBQTElDQVRJT04iOiJhcHBsaWNhdGlvbklkIiwiX0lERU5USVRZX0lEIjoiaWRlbnRpdHlJZCIsImV4cGlyZXMtYXQiOjE1ODg5MjY5OTc0NjgsIl9JREVOVElUWSI6ImlkZW50aXR5TmFtZSIsImNyZWF0ZWQtb24iOjE1ODg5MjY5ODc0NjgsImRlZmF1bHQtdGVhbSI6ImRlZmF1bHRUZWFtSWQifSwiaXNzIjoiaHR0cHM6XC9cL2FyYWdvLmNvIiwiYXVkIjoiYXBwbGljYXRpb25JZCIsImlhdCI6MTU4ODkyNjk4N30.$SIGNATURE",
        "_APPLICATION": "c1234567890abcdefghijklmn_c1234567890abcdefghijklmn",
        "_IDENTITY": "user@company.co",
        "_IDENTITY_ID": "c1234567890abcdefghijklmn_c1234567890abcdefghijklmn",
        "expires-at": 1577711870081,
        "type": "Bearer"
    }
  • If a refresh is attempted with an expired refresh_token, the call returns 401 and the client must then obtain a fresh one.
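
The three steps above combined into one client-side token cache, as an added example (not code from the HIRO project): it reuses the access token until shortly before `expires-at`, calls `/auth/6/refresh` without the password, and falls back to `/auth/6/app` only on 401. The `TokenManager` class, the `post` and `now_ms` hooks and the `skew_ms` margin are hypothetical names, and `expires-at` is assumed to be epoch milliseconds, as the sample responses suggest.

```python
import json, time, urllib.error, urllib.request

def http_post(url, payload):
    """POST JSON and return (status, parsed body); HTTP errors become a status code."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

class TokenManager:
    """Hypothetical helper: caches the access token and refreshes it on demand."""
    def __init__(self, base_url, client_id, client_secret, username, password,
                 post=http_post, now_ms=lambda: int(time.time() * 1000), skew_ms=30_000):
        self.base_url = base_url.rstrip("/")
        self.app = {"client_id": client_id, "client_secret": client_secret}
        self.user = {"username": username, "password": password}
        self.post, self.now_ms, self.skew_ms = post, now_ms, skew_ms
        self.access = self.refresh = None
        self.expires_at = 0

    def _store(self, body):
        self.access, self.expires_at = body["_TOKEN"], body["expires-at"]
        # The refresh response carries no "refresh-token"; keep the one already held.
        self.refresh = body.get("refresh-token", self.refresh)
        return self.access

    def token(self):
        """Return a valid access token, sending the password only when refresh fails."""
        if self.access and self.now_ms() < self.expires_at - self.skew_ms:
            return self.access  # still valid (assumes expires-at is epoch milliseconds)
        if self.refresh:
            # Request field is "refresh_token"; the response field is "refresh-token".
            status, body = self.post(self.base_url + "/auth/6/refresh",
                                     {**self.app, "refresh_token": self.refresh})
            if status == 200:
                return self._store(body)
            if status != 401:
                raise RuntimeError(f"refresh failed with HTTP {status}")
            self.refresh = None  # 401: refresh token expired, do a full login
        status, body = self.post(self.base_url + "/auth/6/app", {**self.app, **self.user})
        if status != 200:
            raise RuntimeError(f"login failed with HTTP {status}")
        return self._store(body)
```

Passing a stub as `post` and a fixed clock as `now_ms` lets the expiry and 401 paths be exercised without contacting a real endpoint.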

Default validity periods for tokens

  • access_token = 1h

  • refresh_token = 24h

Token revocation

Revocation of a refresh token works the same way as for an access token.