Overview
In order to refresh an existing access token, the application should use a refresh request in the following structure. We recommend the refresh request be made every 30 minutes to make sure that the access token doesn't expire.
Request
| Method | URL |
|---|---|
| POST | https://{domain}/sentinel/api/account/{accountId}/token?v=1.0 |
Query Parameters
| Parameter | Description | Type | Required | Notes |
|---|---|---|---|---|
| v | API version number | number | Required | Default Value: 1.0 |
Headers
| Header | Description |
|---|---|
| Content-Type | application/x-www-form-urlencoded;charset=UTF-8 |
Body
| Parameter | Description | Type | Required | Notes |
|---|---|---|---|---|
| grant_type | String | Required | Value MUST be set to "refresh_token" | |
| refresh_token | refresh token that was supplied in the application previous token or refresh request | String | Required | |
| client_id | installation id provided after application registration | String | Required | |
| client_secret | secret provided after application registration | String | Required |
Example:
client_id=xyz&client_secret=yqr&grant_type=refresh_token&refresh_token=SplxlOBeZQQYbYS6WxSbIA
Response
Response Codes
| Code | Response |
|---|---|
| 200 | OK — request succeeded |
| 400 | Bad request — Problem with body or query parameters |
| 500 | Internal server error |
Response Body
| Attribute name | Description |
|---|---|
| access_token | token to use as authorization when interacting with LE services |
| token_type | Always Bearer |
| refresh_token | token to use when requesting access token refresh |
| expires_in | The lifetime in seconds of the access token |
Note: The Bearer is the access_token attribute
Example:
{
"access_token": "f8fe53ea00999321e0c7c1dd8197881a17d67e27ae596320c352297ee3154861",
"token_type": "Bearer",
"refresh_token": "6be279a5deeb573192ebab4f8d65e3e81eddcb551a15ee6e6b50ac5b6e3a8ea781416c1e366a1ac3486523b0b0c82e1f3e93003031f66efa7af00d681fe4f6943793c376a81b10d73980e59d874ef629bafe3d2de3558d5e847ea0ab588b5e8644eb0941d92908764bc82cdab7a04a61579009eadde40f23beae7f68dfd03b769f3f4ac9daa047183a562160551a09c2d4f2ae0bf7e2a82a0a241e071dc2dd8af20791b3db1c58c76149274a4814a463de920fefec6e84ad3bcf1d99f8c348cd26516b7f54edaf41a3035f82d31c122e0becd08357557287beb4ae2e13516e969fced89443425a59d7878f44e74928e19a8651a31a8ae18e6b9eb44f4fdf8fcf264b2127b3e1c096720d8915464d6cf9",
"expires_in": 28800
}
Note: Response contains refresh token to be used when making a refresh request.
The current LP Identity service implementation will extend the SSO session as long as the app keeps calling the refresh endpoint. every configured period of time