Users need access tokens to invoke APIs subscribed under an application. Access tokens are passed in the HTTP header when invoking APIs. The API Cloud provides a Token API that you can use to generate and renew user and application access tokens. The response of the Token API is a JSON message. You extract the token from the JSON and pass it with an HTTP Authorization header to access the API.
...
Renewing access tokens
After an access token is generated, sometimes you might have to refresh or renew the old token due to expiration or security concerns. This can be done by issuing a REST call to the Token API through a REST client like cURL, with the following parameters.
- The Token API URL is https://gateway.api.cloud.wso2.com:8243/token.
- payload - "grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION". Replace the <retoken> value with the refresh token generated in the previous section.
- headers - Authorization: Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded. Replace <base64 encoded string> as appropriate.
...
The REST message will grant a renewed token.
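The renewal call above as an added Python example (not part of the original documentation): it builds the request with the listed URL, payload and headers, then extracts the tokens from the JSON reply and rejects error replies. The Basic value as base64 of the application's key and secret, the RFC 6749 response field names, and all sample values are assumptions made for this example.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://gateway.api.cloud.wso2.com:8243/token"  # from the page

# Constructed sample response; field names follow RFC 6749 (assumption).
SAMPLE_RESPONSE = ('{"access_token": "constructed-access", "refresh_token": '
                   '"constructed-refresh-2", "token_type": "Bearer", "expires_in": 3600}')


def build_refresh_request(client_key, client_secret, refresh_token):
    """Build, without sending, the renewal POST described above."""
    # Assumption: the Basic value is base64("<key>:<secret>") of the application.
    basic = base64.b64encode(f"{client_key}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,  # urlencode escapes '&', '=', '+'
        "scope": "PRODUCTION",
    }).encode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Return the renewed tokens, rejecting error or incomplete replies."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or "error" in doc:
        code = doc.get("error") if isinstance(doc, dict) else "malformed"
        raise ValueError(f"token renewal refused: {code}")
    access = doc.get("access_token")
    if not isinstance(access, str) or not access:
        raise ValueError("token renewal reply has no access_token")
    return {
        "access_token": access,
        # Store a returned refresh token in place of the one just used.
        "refresh_token": doc.get("refresh_token", ""),
        "expires_in": int(doc.get("expires_in", 0)),
    }


if __name__ == "__main__":
    req = build_refresh_request("constructed-key", "constructed-secret", "constructed-refresh-1")
    print(req.get_method(), req.full_url)  # secrets are deliberately not printed
    tokens = parse_token_response(SAMPLE_RESPONSE)
    print("renewed, expires in", tokens["expires_in"], "seconds")
```

To send the request, pass it to `urllib.request.urlopen` and feed the response body to `parse_token_response`.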
Revoking access tokens
After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling the Revoke API using a REST Client. The Revoke API's endpoint URL is https://gateway.api.cloud.wso2.com:8243/revoke. The parameters required to invoke this API are as follows:
...