Refresh Api Token

Question

Hi there,

We're working with the Sophos Apis and we have created a client id and secret.
We're using this access token to make requests and to manage devices, but the token expires 1hour after creation (as is expected).

The response from this request does include a refresh token but none of the api documentation does not describe how to use it.
Or what requests params/body is needed.
https://developer.sophos.com/getting-started
https://developer.sophos.com/getting-started-tenant
https://developer.sophos.com/getting-started-organization

The https://id.sophos.com/api/v2/oauth2/token response (from the docs above):

{
  "access_token": "<jwt>",
  "errorCode": "success",
  "expires_in": 3600,
  "message": "OK",
  "refresh_token": "<token>",
  "token_type": "bearer",
  "trackingId": "<uuid>"
}

What is the correct format for using this refresh token? Or have we missed something in the api docs or missed a doc?
Thanks.

FormerMember · Accepted Answer

Hi, 
 I checked with the PM about this and confirmed that it isn't documented because it isn't needed. 
 The refresh request requires the same information as a normal token request - so you might as well just request a new token. 
 There isn't a benefit to using the refresh action. 
 For completeness, here is how you would: 
 { 
 "client_id" : "[your client_id]", 
 "client_secret": "[your client_secret]", 
 "grant_type": "refresh_token", 
 "refresh_token": "[your token here]" 
 }

Refresh Api Token

Top Replies