Refresh token API call flow

This API lets you renew the access token for 90 days access to accounts by using a refresh token.

Step 1: Exchange the old access token for a new one using a valid refresh token

Send a POST request to the Refresh token endpoint with a valid refresh token:

Refresh token (Version1)

| URL LIVE | URL SANDBOX |
|---|---|
| POST https://api.csob.sk/identity-server/connect/token/refresh | POST https://api.csob.sk/identity-server-test/connect/token/refresh |

For security reasons, access tokens based on SCA (90 days access to accounts) are valid for only 20 min. These access tokens can be renewed using refresh tokens, which are valid for 90 days. Calling this service issues a new access token and a new refresh token with the same time validity as the old one. The API Explorer web site lets you test the API online (Try it) and download the API definition (WADL, Open API).

Request:

Request parameters (Version1)

grant_type={grant_type}&client_id={client_id}&client_secret={client_secret}&refresh_token={refresh_token}

| Attributes structure | Optionality | Type | Description |
|---|---|---|---|
| grant_type | Mandatory | String | Value is „refresh_token“ |
| client_id | Mandatory | String | TPP ID obtained from enrollment |
| client_secret | Mandatory | String | Secret obtained from enrollment |
| refresh_token | Mandatory | String | Valid refresh token obtained from authorization code |

Response:

| Attributes structure | Optionality | Type | Description |
|---|---|---|---|
| id_token | Mandatory | String | Encoded user's authentication information including nonce value |
| access_token | Mandatory | String | Renewed access token |
| expires_in | Mandatory | String | Validity of access token in seconds |
| token_type | Mandatory | String | Value is „Bearer“ |
| refresh_token | Optional | String | New refresh token with the same time validity as the old one |

Example:

Request

POST https://api.csob.sk/identity-server/connect/token/refresh HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 172
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

grant_type=refresh_token&client_id=TIDgjzKuS7k&client_secret=xxryTJUjquusiG9TeqxxeT7UxUvK42bd&refresh_token=eab1ffc4b4f562f58c0212be690bc74e80bab2905a6e15118df44fef6fe91269


Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: efPt37g5yQxHwP7jSiCepCt68LYmU8Sx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 28 Mar 2019 16:01:30 GMT

{
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjBiYjk3OGU2NjE3aDdmMGQ5YTM5ZTE1YTEzOGJjNzkyIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NTM3ODg4OTAsImV4cCI6MTU1Mzc4OTE5MCwiaXNzIjoiaHR0cHM6Ly9wc2QyLWFwaWF1dGhvcml6YXRpb24tY3NvYnNrLmF6dXJld2Vic2l0ZXMubmV0IiwiYXVkIjoiVElESktwdEN2YmEiLCJpYXQiOjE1NTM3ODg4OTAsImF0X2hhc2giOiJNQTdOTlA5U3VjR0wwUGU1YUxkVHN3Iiwic3ViIjoib1V4TVpzSFl0RnZ4d1dEYVprek9vbFc2UzhCV3pOUzlnWnRCIiwiYXV0aF90aW1lIjoxNTUzNzg4ODYzLCJpZHAiOiJsb2NhbCIsImFtciI6WyJwd2QiXX0.u70lc04DXlMKIgY8RATDvA3P1KqtlHXsCRT-4Fsp1gq66Mj1dQO4pbXMKxyikzmNnkRAcmm2SZhyG5ZO7viRc1cwOQXWfV0ovJ_XZqv1dzy4ZKvCEMl7N4zTHViYh1qIddHkqFPRn4mDdr87dYqaWrW9LWIFtY0BOT9dmHlVKrV-iGGkYXUGMnqabm2qvwIaNGpSyM-_3L-r51cT9DZH_2Uv42qzJIPqbvspokWTUJbm_Dls8wv06MzYSA6QlwDU4jUP2E9rQNdNwIwKsCtIZAKyxth1l85ozVG8zpLXkfMBGasldKRuv85tUQ_yUoTW5KnZ1Q91Rcox0KP0-OLowA",
"access_token": "56f582f2630359764582fae036e23a637b17a9a345f92083f3f2e6927a3024de",
"expires_in": 1200,
"token_type": "Bearer",
"refresh_token": "ed4371699838770cbabb46fe1a8f29629bc1c3041d11d6a99df98298861084f1"
}
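
Client-side handling of the request and response documented above, as an added example that is not ČSOB's own code. It builds the form-encoded POST without sending it, validates the mandatory response attributes, keeps the stored refresh token when the optional refresh_token is absent, and produces a log-safe copy of the token state. The function names, the MANDATORY tuple and the sample response are constructed for this example.

```python
import json
import time
import urllib.parse
import urllib.request

# Sandbox URL from the page; nothing in this block sends the request.
TOKEN_URL = "https://api.csob.sk/identity-server-test/connect/token/refresh"
MANDATORY = ("id_token", "access_token", "expires_in", "token_type")

def build_refresh_request(client_id, client_secret, refresh_token, url=TOKEN_URL):
    """Build the form-encoded POST from the Request table (values are URL-encoded)."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def apply_refresh_response(raw_json, old_refresh_token, now=None):
    """Validate a token response and return the token state to persist."""
    now = time.time() if now is None else now
    resp = json.loads(raw_json)
    missing = [k for k in MANDATORY if k not in resp]
    if missing:
        raise ValueError("token response is missing: " + ", ".join(missing))
    if resp["token_type"] != "Bearer":
        raise ValueError("unexpected token_type")
    return {
        "access_token": resp["access_token"],
        # Documented as String, returned as a number in the page's example: accept both.
        "expires_at": now + int(resp["expires_in"]),
        # refresh_token is Optional: keep the stored one when the response omits it.
        "refresh_token": resp.get("refresh_token") or old_refresh_token,
    }

def redact(state):
    """Copy of the token state for logging: string values cut to a 6-character prefix."""
    return {k: v[:6] + "..." if isinstance(v, str) else v for k, v in state.items()}

# Constructed sample response (not real tokens), shaped like the page's example.
SAMPLE_RESPONSE = json.dumps({
    "id_token": "constructed.id.token", "access_token": "a" * 64,
    "expires_in": 1200, "token_type": "Bearer", "refresh_token": "b" * 64,
})

if __name__ == "__main__":
    print(redact(apply_refresh_response(SAMPLE_RESPONSE, "c" * 64, now=0)))
```

Persist the returned state in one write, so that a newly issued refresh token replaces the old one together with the access token it came with.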