XM

Refresh User Token

Path:

POST https://{baseurl}/api-commerceIdentity/auth/local/refresh

The access token returned by the Login Local User endpoint is valid for 35 minutes. When the user's session is about to expire, this endpoint is triggered automatically to extend the session seamlessly and securely. The refresh token is passed in the request body; it is generally valid for 45 days.

Note: The validity of the JWT tokens (access and refresh) is configurable.

Headers

Content-Type : application/json

x-site-context : { "date": "2020-08-28T02:35:27.787Z", "channel": 12, "account": "5f493c9f30ec2a0007a94fc8", "stage": "sandbox" }

Parameters

Type : requestBody

Name : The JWT Refresh Token

Required: true

Sample Request

{
  "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTc5NDdkM2NiODU1M2MwZTQzZDg3ZiIsInJvbGVzIjpbeyJpZCI6IjVkZTENDZmOGM2MzUyMDkxZDk0NGYxYyJ9XSwiaWF0IjoxNTg3MDExMjg5LCJleHAiOjE1ODcwMTMwODl9.GM0t3TOsHL7HAOwBY8LaC1mnp79e6E_XV8rd4pT0mC2hlHoPHgLfgfj5x7qMzQzuD9Mirgi5Wtfmf9LkZw4Bg"
}

Response

HTTP Code: 200 Message: OK

Description: You will see this message when the user details are retrieved along with the JWT tokens (access and refresh).

Sample

{
  "_id": "5e97947d3cb8553c0e43d87f",
  "userId": 90,
  "roles": [
    {
      "id": "5de1646f8c6352091d944f1c"
    }
  ],
  "name": {
    "first": "John",
    "middle": "A",
    "last": "Smith"
  },
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTc5NDdkM2NiODU1M2MwZTQzZDg3ZiIsInJvbGVzIjpbeyJpZCI6IjVkZTE2NDZmOGM2MzUyMDkxZDk0NGYxYyJ9XSwiaWF0IjoxNTg3MDExMzEzLCJleHAiOjE1ODcwMTMxMTN9.Xo5hhZVWA79cx4h2sy5iFvfDCbzcrDsVjHkmMq-F_EHobw93Ql5n8uJp1Fap--m_6h6lWgg7D2BblQFxGRr5aw",
  "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTc5NDdkM2NiODU1M2MwZTQzZDg3ZiIsImlhdCI6MTU4NzAxMTMxMywiZXhwIjoxNTkwODk5MzEzfQ.SJl_1ikNTo7iziHuxUhdJ3KFk4dsAReGvKhjyJcGIEqqObs4G-v-n4Xe_ydITw1ZBwNqZzbosJXUIrDsdLMJ9g"
}

HTTP Code: 400 Message: Bad Request

Description: You will see this error when the refresh token is incorrect or invalid.

Sample

{
  "code": "TOKEN_VALIDATION_FAILED",
  "message": "Token validation failed."
}
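
The refresh flow on this page as client logic, added here as an example and not taken from the vendor's code: it reads the access token's `exp` claim to decide when to refresh, builds the POST with the headers listed above, and treats a 400 `TOKEN_VALIDATION_FAILED` as the end of the session. The function names and the 60-second skew are assumptions.

```javascript
// Added example: client-side handling of the refresh flow (not vendor code).
const REFRESH_PATH = "/api-commerceIdentity/auth/local/refresh"; // path from this page

// Read the `exp` claim (seconds since epoch) without verifying the signature.
// Use it only to schedule a refresh; the server remains the authority on validity.
function jwtExp(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const claims = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    return Number.isFinite(claims.exp) ? claims.exp : null;
  } catch {
    return null; // malformed payload: treat as "no usable expiry"
  }
}

// True when the access token is unreadable, expired, or inside the skew window.
function needsRefresh(accessToken, nowMs, skewSec = 60) {
  const exp = jwtExp(accessToken);
  return exp === null || nowMs / 1000 >= exp - skewSec;
}

// Build the POST described on this page; siteContext is the x-site-context object.
function buildRefreshRequest(baseUrl, refreshToken, siteContext) {
  return {
    url: `https://${baseUrl}${REFRESH_PATH}`,
    options: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "x-site-context": JSON.stringify(siteContext),
      },
      body: JSON.stringify({ refreshToken }),
    },
  };
}

// Apply the outcome: a 200 replaces both stored tokens, anything else ends the session.
function applyRefreshResult(status, body) {
  if (status === 200 && body && body.accessToken && body.refreshToken) {
    return { loggedIn: true, accessToken: body.accessToken, refreshToken: body.refreshToken };
  }
  // e.g. 400 TOKEN_VALIDATION_FAILED: drop stored tokens and require a fresh login.
  return { loggedIn: false, accessToken: null, refreshToken: null,
           reason: (body && body.code) || `HTTP_${status}` };
}
```

Pass `url` and `options` to `fetch`, then feed the response status and parsed JSON body to `applyRefreshResult` and store its result in place of the old tokens.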

Changelog

  • Last updated - July 2020