Hi there,We're working with the Sophos Apis and we have created a client id and secret.We're using this access token to make requests and to manage devices, but the token expires 1hour after creation (as is expected).The response from this request does include a refresh token but none of the api documentation does not describe how to use it. Or what requests params/body is needed.https://developer.sophos.com/getting-startedhttps://developer.sophos.com/getting-started-tenanthttps://developer.sophos.com/getting-started-organization
The https://id.sophos.com/api/v2/oauth2/token response (from the docs above):
{ "access_token": "<jwt>", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "<token>", "token_type": "bearer", "trackingId": "<uuid>" }
What is the correct format for using this refresh token? Or have we missed something in the api docs or missed a doc?Thanks.
Hi,
I checked with the PM about this and confirmed that it isn't documented because it isn't needed.
The refresh request requires the same information as a normal token request - so you might as…
The refresh request requires the same information as a normal token request - so you might as well just request a new token.
There isn't a benefit to using the refresh action.
For completeness, here is how you would:
{
"client_id" : "[your client_id]",
"client_secret": "[your client_secret]",
"grant_type": "refresh_token",
"refresh_token": "[your token here]"
}
RichardP
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
I couldn't get the refresh to work as above, but grabbing a new auth token works perfectly. Thanks for the response/answer.