Obtaining an Access Token Using a Refresh Token

From TeamServer ER/Studio
Jump to: navigation, search

Go Up to Obtaining Authorization to Use the API

You can use a refresh token to obtain a new access token without having users go again through the authorization flow.

To obtain a new access token using a refresh token, you must perform a request against http://teamserver.example.com/api/oauth/token providing your refresh token. In your request, you must append the following query parameters to this URL:

Item Example Description

refresh_token

bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb

Your refresh token.

client_id

6a2a39ba-9688-493d-b348-187468f599ae

The ID of your client application, as registered in the target Team Server installation.

client_secret

a28e0ca4-27cb-4361-bf97-3b26c612d66a

The secret of your client application, as registered in the target Team Server installation.

grant_type

refresh_token

The type of your access token request.

Provide the value refresh_token here, as your request to Team Server is for an access token in exchange for a refresh token.

The following is an example URL:

http://teamserver.example.com/api/oauth/token?refresh_token=bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb&client_id=6a2a39ba-9688-493d-b348-187468f599ae&client_secret=a28e0ca4-27cb-4361-bf97-3b26c612d66a&grant_type=refresh_token

Team Server responds in JSON format. The server response includes the following information:

{
    // Token to include in every API request to get access.
    "access_token": "d4ac0c07-0013-4939-b9ee-0112fdbb7d64",
 
    // Type of token. This is always "bearer".
    "token_type": "bearer",
 
    // Token that you can use to get a brand-new access token without further user interaction.
    "refresh_token": "bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb",
 
    // Number of seconds before the access token expires. Default value is 86400 (7 days).
    "expires_in": 86399,
 
    // Granted scope.
    "scope": "read write"
}

You can now continue using the Team Server API, including the provided access token in every API request.

See Also

Personal tools
Product Family Wiki
Product Videos