You are here

Refreshing an access token

After one hour, your application's access token will be invalid. You can use the refresh token to request a new access token without having to re-authenticate with the user. The refresh token is valid for 7 days or until a new access token is requested.

When the access token expires, API requests will receive an HTTP 401 response with the following body:

{
  "error":"invalid_request",
  "error_description":"The access token expired"
}
Note: The error description The access token expired is the only way your application can recognize this error. Your application should request a new access token using the refresh token.

You make a request to refresh the access token using the refresh token, the API Key, and the API Secret.

The response will have a body similar to the following:

{
  "access_token":"28f88a82-a62b-4e44-9312-16a4a5d2e71c",
  "token_type":"Bearer",
  "expires_in":3600,
  "refresh_token":"e98f372c-e5a6-49e5-ba55-a0358d877eb2",
  "scope":"public_api"
}

Note that you can refresh the access token at any time before the timeout expires. The old access token becomes invalid when the new one is granted. The new refresh token supplied in the response body can be used in the same way.

In the Mobile SDK for iOS the refreshAccessToken method of the OAuthHelper class is used.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.