...
Child pages (Children Display)
Also, see the following: Table of Contents
...
After an access token is generated, sometimes you might have to refresh or renew the old token due to expiration or security concerns. This can be done by issuing a REST call to the Token API through a REST client like cURL, with the following parameters.
- The Token API URL is
https://gateway.api.cloud.wso2.com/token. - payload -
"grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION". Replace the<retoken>value with the refresh token that you generate through the UI. - headers -
Authorization :Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded. Replace<base64 encoded string>as appropriate.
For example, the following cURL command can be used to access the Token API.
| Code Block |
|---|
curl -k -d "grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh, Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com/token |
The REST message will grant a renewed token.
Revoking access tokens
After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling the Revoke API using a REST Client. The Revoke API's endpoint URL is https://gateway.api.cloud.wso2.com/revoke. The parameters required to invoke this API are as follows:
- The token to be revoked
- Consumer key and consumer secret key. Must be encoded using Base64 algorithm
For example, curl -k -d "token=<ACCESS_TOKEN_TO_BE_REVOKED>" -H "Authorization: Basic Base64Encoded(Consumer key:consumer secret)" https://gateway.api.cloud.wso2.com/revoke.
| Tip |
|---|
| Even after revoking a token, it might still be available in the API Gateway cache to consumers until the cache expires in approximately 15 minutes. |