Get an access token and a refresh token
This topic describes two ways of getting an access token. The first way is to use an API key to get an access token. The second way is to use a refresh token to get an access token.
Use an API key to get an access token
To get an access token using an API key:
-
Make a
POST
call to the authentication endpoint to get an access token. You pass the API key and some other parameters. The response contains the access token and the refresh token.
To create a request to get an access token using an API key, use the following details:
Method: POST
Endpoint: https://api.rfksrv.com/account/1/access-token
Key |
Type |
Description |
Value |
---|---|---|---|
|
string |
Required. Pass this in the header A secret key that Sitecore Search generates. You get this from your account manager when you first sign up with. You can see this value in the Customer Engagement Console (CEC) by going to Developer Resources, API Access. |
n/a |
|
string |
Required. Permissions that define which Sitecore Search APIs you can call. You can see the scopes assigned to your API key in the CEC by going to Developer Resources, API Access. |
|
|
integer |
Optional. The validity of the access token in milliseconds. If you do not add this key, the default access token expiry is 1 day or 86400000 milliseconds. |
n/a |
|
integer |
Optional. The validity of the refresh token in milliseconds. If you do not add this key, the default refresh token expiry is 7 days or 604800000 milliseconds. |
n/a |
The following is a sample CURL request for an access token with a validity of 12 hours and a refresh token with a validity of 3 days:
curl -X POST \
https://api.rfksrv.com/account/1/access-token \
-H 'Content-Type: application/json' \
-H 'x-api-key: 01-90d33624-99f708fa77a1e94a25c4a1afd0f28a4c23ff5251' \
-d '{"scope":["discover"],"accessExpiry": 43200000, \
"refreshExpiry": 259200000}'
Sample response:
{
"accessToken": "167dgw2vyy733",
"refreshToken": "1n555d88sss448",
"accessTokenExpiry": 43200000,
"refreshTokenExpiry": 259200000
}
Use a refresh token to get an access token
To get an access token using a refresh token:
-
Make a
PUT
call to the authentication endpoint. You pass the refresh token in the header. The response contains a new access token.
To create a request to get an access token using a refresh token, use the following details:
Method: PUT
Endpoint: https://api.rfksrv.com/account/1/access-token
Parameter |
Type |
Description |
---|---|---|
|
string |
Required. Pass this in the header. A secret token you can use to get a new access key without passing the API key again. You get the refresh token in the response when you use the API key to get an access token. Note Ensure that your refresh token is still valid when you make this call. |
Here is a sample CURL request:
curl -X PUT \
https://<base-url>api.rfksrv.com/account/1/access-token \
-H 'Authorization': Bearer 1n555d88sss448<refresh-token>' \
-H 'Content-Type: application/json'
Sample response:
{
"accessToken": "187dgb6vmy733"
}