In order to refresh an existing access token, the application should use a refresh request in the following structure. We recommend the refresh request be made every 30 minutes to make sure that the access token doesn't expire.


Method URL
POST https://{domain}/sentinel/api/account/{accountId}/token?v=1.0

Query Parameters

Parameter Description Type Required Notes
v API version number number Required Default Value: 1.0


Header Description
Content-Type application/x-www-form-urlencoded;charset=UTF-8


Parameter Description Type Required Notes
grant_type   String Required Value MUST be set to "refresh_token"
refresh_token refresh token that was supplied in the application previous token or refresh request String Required  
client_id installation id provided after application registration String Required  
client_secret secret provided after application registration String Required  




Response Codes

Code Response
200 OK — request succeeded
400 Bad request — Problem with body or query parameters
500 Internal server error

Response Body

Attribute name Description
access_token token to use as authorization when interacting with LE services
token_type Always Bearer
refresh_token token to use when requesting access token refresh
expires_in The lifetime in seconds of the access token

Note: The Bearer is the access_token attribute


      "access_token": "f8fe53ea00999321e0c7c1dd8197881a17d67e27ae596320c352297ee3154861",
      "token_type": "Bearer",
      "refresh_token": "6be279a5deeb573192ebab4f8d65e3e81eddcb551a15ee6e6b50ac5b6e3a8ea781416c1e366a1ac3486523b0b0c82e1f3e93003031f66efa7af00d681fe4f6943793c376a81b10d73980e59d874ef629bafe3d2de3558d5e847ea0ab588b5e8644eb0941d92908764bc82cdab7a04a61579009eadde40f23beae7f68dfd03b769f3f4ac9daa047183a562160551a09c2d4f2ae0bf7e2a82a0a241e071dc2dd8af20791b3db1c58c76149274a4814a463de920fefec6e84ad3bcf1d99f8c348cd26516b7f54edaf41a3035f82d31c122e0becd08357557287beb4ae2e13516e969fced89443425a59d7878f44e74928e19a8651a31a8ae18e6b9eb44f4fdf8fcf264b2127b3e1c096720d8915464d6cf9",
      "expires_in": 28800

Note: Response contains refresh token to be used when making a refresh request.

The current LP Identity service implementation will extend the SSO session as long as the app keeps calling the refresh endpoint. every configured period of time