Get an access token and a refresh token

This topic describes two ways of getting an access token. The first way is to use an API key to get both an access token and a refresh token. The second way is to use a refresh token to get an access token.

test

Use an API key to get an access token

To get an access token using an API key:

Make a POST call to the authentication endpoint to get an access token. You pass the API key and some other parameters. The response contains the access token and the refresh token.

To create a request to get an access token using an API key, use the following details

Method: POST

Endpoint: https://api.rfksrv.com/account/1/access-token

Key	Type	Description	Value
`x-api-key`	string	Required. Pass this in the header A secret key that Discovers generates. You get this from your account manager when you first sign up with Discover. You can see this value in the Customer Engagement Console (CEC) by clicking Developer Resources, API Access.	n/a
`scope`	string	Required. Permissions that define which Discover APIs you can call. For more information, see API key scopes. You can see the scopes assigned to your API key in the CEC by going to Developer Resources , API Access.	`search-rec` `event` `feed` `services`
`accessExpiry`	integer	Optional. The validity of the access token in milliseconds. If you do not add this key, the default access token expiry is 1 day or 86400000 milliseconds.	n/a
`refreshExpiry`	integer	Optional. The validity of the refresh token in milliseconds. If you do not add this key, the default refresh token expiry is 7 days or 604800000 milliseconds.	n/a

The following is a sample CURL request for an access token with a validity of 12 hours and a refresh token with a validity of 3 days:

RequestResponse

curl -X POST \
  https://api.rfksrv.com/account/1/access-token \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: 01-90d33624-99f708fa77a1e94a25c4a1afd0f28a4c23ff5251' \
  -d '{"scope":["search-rec"], "accessExpiry": 43200000, "refreshExpiry": 259200000}'

Sample response:

RequestResponse

{
    "accessToken": "167dgw2vyy733",
    "refreshToken": "1b555d88sss448",
    "accessTokenExpiry": 43200000,
    "refreshTokenExpiry": 259200000
}

Use a refresh token to get an access token

To get an access token using a refresh token:

Make a PUT call to the authentication endpoint. You pass the refresh token in the header. The response contains a new access token.

To create a request to get an access token using a refresh token, use the following details

Method: PUT

Endpoint: https://api.rfksrv.com/account/1/access-token

Parameter	Type	Description
`refresh-token`	string	Required. Pass this in the header. A secret token you can use to get a new access key without passing the API key again. You get the refresh token in the response when you use the API key to get an access token. Note Ensure that your refresh token is still valid when you make this call.

Parameter

Type

Description

refresh-token

string

Required. Pass this in the header.

A secret token you can use to get a new access key without passing the API key again. You get the refresh token in the response when you use the API key to get an access token.

Note

Ensure that your refresh token is still valid when you make this call.

Here is a sample CURL request:

RequestResponse

curl -X PUT \

  https://api.rfksrv.com/account/1/access-token \

  -H 'Authorization': Bearer <refresh-token>' \ 

  -H 'Content-Type: application/json'

Sample response:

RequestResponse

{
    "accessToken": "187dgb6vmy733"
}

Do you have some feedback for us?

If you have suggestions for improving this article,