Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The Token API URL is https://gateway.api.cloud.wso2.com/token.
  • payload - "grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION". Replace the <retoken> value with the refresh token that you generate through the UIhave.
  • headers - Authorization :Basic <base64 encoded string>string of consumer-key:consumer-secret>, Content-Type: application/x-www-form-urlencoded. Replace <base64 encoded string>-encoded string-of-consumer-key:consumer-secret> as appropriate.          

...

Code Block
curl -k -d "grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com/token

When you use the refresh grant to get a new access token, the refresh token is renewed by default. To change this behavior, set the <RenewRefreshTokenForRefreshGrant> element to false. The new refresh token has a new expiry time and the previous refresh token becomes inactive. To change the expiry time of your refresh token, set the <RefreshTokenValidityPeriod> element is in seconds.

Revoking access tokens

After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling the Revoke API using a REST Client. The Revoke API's endpoint URL is https://gateway.api.cloud.wso2.com/revoke. The parameters required to invoke this API are as follows:

...

Code Block
curl -k -d "token=<ACCESS_TOKEN_TO_BE_REVOKED><access-token-to-be-revoked>" -H "Authorization: Basic Base64Encoded(Consumer -key:consumer -secret)" https://gateway.api.cloud.wso2.com/revoke

...