Get an access token and a refresh token

This topic describes two ways of getting an access token. The first way is to use an API key to get an access token. The second way is to use a refresh token to get an access token.

Use an API key to get an access token

To get an access token using an API key:

  • Make a POST call to the authentication endpoint to get an access token. You pass the API key and some other parameters. The response contains the access token and the refresh token.

To create a request to get an access token using an API key, use the following details:

Method: POST

Endpoint: https://api.rfksrv.com/account/1/access-token

Key

Type

Description

Value

x-api-key

string

Required. Pass this in the header

A secret key that Sitecore Search generates. You get this from your account manager when you first sign up with.

You can see this value in the Customer Engagement Console (CEC) by going to Developer Resources, API Access.

n/a

scope

string

Required.

Permissions that define which Sitecore Search APIs you can call.

You can see the scopes assigned to your API key in the CEC by going to Developer Resources, API Access.

  • discover

  • event

accessExpiry

integer

Optional.

The validity of the access token in milliseconds.

If you do not add this key, the default access token expiry is 1 day or 86400000 milliseconds.

n/a

refreshExpiry

integer

Optional.

The validity of the refresh token in milliseconds.

If you do not add this key, the default refresh token expiry is 7 days or 604800000 milliseconds.

n/a

The following is a sample CURL request for an access token with a validity of 12 hours and a refresh token with a validity of 3 days:

RequestResponse
curl -X POST \

  https://api.rfksrv.com/account/1/access-token \

  -H 'Content-Type: application/json' \

  -H 'x-api-key: 01-90d33624-99f708fa77a1e94a25c4a1afd0f28a4c23ff5251' \

  -d '{"scope":["discover"],"accessExpiry": 43200000, \

"refreshExpiry": 259200000}'

Sample response:

RequestResponse
{

    "accessToken": "167dgw2vyy733",

    "refreshToken": "1n555d88sss448",

    "accessTokenExpiry": 43200000,

    "refreshTokenExpiry": 259200000

}

Use a refresh token to get an access token

To get an access token using a refresh token:

  • Make a PUT call to the authentication endpoint. You pass the refresh token in the header. The response contains a new access token.

To create a request to get an access token using a refresh token, use the following details:

Method: PUT

Endpoint: https://api.rfksrv.com/account/1/access-token

Parameter

Type

Description

refresh-token

string

Required. Pass this in the header.

A secret token you can use to get a new access key without passing the API key again. You get the refresh token in the response when you use the API key to get an access token.

Note

Ensure that your refresh token is still valid when you make this call.

Here is a sample CURL request:

RequestResponse
curl -X PUT \

  https://<base-url>api.rfksrv.com/account/1/access-token \

  -H 'Authorization': Bearer 1n555d88sss448<refresh-token>' \

  -H 'Content-Type: application/json'

Sample response:

RequestResponse
{
    "accessToken": "187dgb6vmy733"
}

Do you have some feedback for us?

If you have suggestions for improving this article,