Refresh token API call flow
This API renews the access token for 90-day access to an account using a refresh token.
Step 1: Exchange the old access token for a new one using a valid refresh token
Send a POST request to the refresh token endpoint with a valid refresh token:
Refresh token, Version1

| Environment | URL |
|---|---|
| LIVE | POST https://api.csob.sk/identity-server/connect/token/refresh |
| SANDBOX | POST https://api.csob.sk/identity-server-test/connect/token/refresh |

For security reasons, the validity of access tokens based on SCA (90 days access to accounts) is limited to 20 min. These access tokens can be renewed using refresh tokens, which are valid for 90 days. Calling this service issues a new access token and a new refresh token with the same time validity as the old one. The API Explorer web site lets you test the API online (Try it) and download the API definition (WADL, Open API).
Request:
Header

| Attributes structure | Optionality | Type | Description |
|---|---|---|---|
| Content-Type | Mandatory | String | application/x-www-form-urlencoded;charset=UTF-8 |

Request parameters
Version1
grant_type={grant_type}&client_id={client_id}&client_secret={client_secret}&refresh_token={refresh_token}

| Attributes structure | Optionality | Type | Description |
|---|---|---|---|
| grant_type | Mandatory | String | Value is „refresh_token“ |
| client_id | Mandatory | String | TPP ID obtained from enrollment |
| client_secret | Mandatory | String | Secret obtained from enrollment |
| refresh_token | Mandatory | String | Valid refresh token obtained from authorization code |

Response:

| Attributes structure | Optionality | Type | Description |
|---|---|---|---|
| access_token | Mandatory | String | Renewed access token |
| expires_in | Mandatory | String | Validity of access token in seconds |
| token_type | Mandatory | String | Value is „Bearer“ |
| refresh_token | Optional | String | New refresh token with the same time validity as the old one |

Example:
Request
POST https://api.csob.sk/identity-server/connect/token/refresh HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 172
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

grant_type=refresh_token&client_id=TIDgjzKuS7k&client_secret=xxryTJUjquusiG9TeqxxeT7UxUvK42bd&refresh_token=eab1ffc4b4f562f58c0212be690bc74e80bab2905a6e15118df44fef6fe91269
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: efPt37g5yQxHwP7jSiCepCt68LYmU8Sx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 28 Mar 2019 16:01:30 GMT

{
  "access_token": "56f582f2630359764582fae036e23a637b17a9a345f92083f3f2e6927a3024de",
  "expires_in": 1200,
  "token_type": "Bearer",
  "refresh_token": "ed4371699838770cbabb46fe1a8f29629bc1c3041d11d6a99df98298861084f1"
}
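
Client-side handling of the refresh exchange described above, as an added example that is not part of the original page or the bank's own code. It builds the form-encoded request without sending it and validates a token response, covering the Optional refresh_token and an expires_in that arrives as either a string or a number. The names TokenState, build_refresh_request, apply_refresh_response and needs_refresh, and the 60-second skew, are assumptions.

```python
import json
import time
from typing import NamedTuple
from urllib.parse import urlencode

# Sandbox URL from the page; nothing in this block sends a request.
TOKEN_URL = "https://api.csob.sk/identity-server-test/connect/token/refresh"

class TokenState(NamedTuple):  # hypothetical container for what the TPP persists
    access_token: str
    refresh_token: str
    expires_at: float  # absolute UNIX time at which the access token expires

def build_refresh_request(client_id, client_secret, refresh_token):
    """Return (url, headers, body); urlencode escapes '&', '=' and '+' in values."""
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode("utf-8")
    headers = {"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
               "Content-Length": str(len(body))}
    return TOKEN_URL, headers, body

def apply_refresh_response(raw_json, previous, now=None):
    """Validate the response body and return the TokenState to persist."""
    now = time.time() if now is None else now
    data = json.loads(raw_json)
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    access = data.get("access_token")
    if not isinstance(access, str) or not access:
        raise ValueError("missing access_token")
    # The table types expires_in as String, the example shows a number: accept both.
    lifetime = int(data["expires_in"])
    if lifetime <= 0:
        raise ValueError("non-positive expires_in")
    # refresh_token is Optional: keep the previous one when none is returned.
    refresh = data.get("refresh_token") or previous.refresh_token
    return TokenState(access, refresh, now + lifetime)

def needs_refresh(state, now=None, skew=60):
    """True when the access token expires within `skew` seconds."""
    now = time.time() if now is None else now
    return now >= state.expires_at - skew
```

Persist the returned state before using the new access token, so a crash between the two steps cannot leave the client holding only a superseded refresh token.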