Obtain Access Token From Refresh Token

This endpoint is used to obtain or request new access token from a given refresh token. The cliend ID and refresh token are required when requesting new access token. Make sure the refresh token's TTL is valid or you have to go through the whole authorization process again to obtain new access token.

Endpoint

Method	URI	Headers
POST	/oauth/token/refresh	Accept: application/json

Data Params

Param	Description	Type	Required
cliend_id	The UUID of the OAuth Client	String	Yes
refresh_token	The refresh token string	String	Yes
scope	The comma-separated list of token scopes	String	No

Request & Response Examples

Successful Response

200

Example request

curl \
  --request POST \
  --url https://api.luxstay.com/oauth/token/refresh \
  --header 'Accept: application/json' \
  --form client_id=17 \
  --form refresh_token=def502008d8934759903fbf64c88f0a095dedbb49cfe4fbf8f73575321e4d436dc575f242eb93f7c94f50a8a3140b433d6c4a51adad24f68fb401775c43a7a41d13e58d7d20f8c87073b02bb7ad03353d1f8fa0e7ba381d17daff48523b192976372e5c0ce294ce5b5d8b89a2bc3a510a724c3be8436ba539a5043f9e056dee7b5317f31aadac54e04ee41c97570a73aad8b7cf53f6a06d23be6f499d46d2c131f91033112ede6e04458ec8bc26a0bdc2488b25a48f86c6cd8fd6cf3966352a9990c650153afd3aabef152d2af2cf39f5ad0e229b9a2ee91cb94ffb7bc4b34c30cd7013ccf344e0bb6c779eadbc15353149feb642f3d059a39fb27c821b30af31e765b0617a3f8c567cc54f82760448089430048fdc029b815621636fb96c543fd2d7565a20381c53cf4e344b26e2fa922ceaa7a491595222b2f16e65d839fe1c86e311665edc733a656eb85976adb2e63ccad858a37516e0312196116d3dbc79d0a5055ca2c \
  --form scope=

1
2
3
4
5
6
7

Example response

{
    "data": {
        "token_type": "Bearer",
        "expires_in": 432000,
        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM3ODVjOGNjYThkZjZmMjA0YTZiOWVhMDIzZDhkOTIyOWI3MzgxODIxM2VhNmNiMmI4MzJmZDg5YWY5MzlhMGY5MGI4ZjVhNTU2NTJiOWI1In0.eyJhdWQiOiIwMzE4YTU5Yy0zMmZkLTQ0ODMtOTQ4NC0xZWQ0YTQ4NmNkOGYiLCJqdGkiOiJjNzg1YzhjY2E4ZGY2ZjIwNGE2YjllYTAyM2Q4ZDkyMjliNzM4MTgyMTNlYTZjYjJiODMyZmQ4OWFmOTM5YTBmOTBiOGY1YTU1NjUyYjliNSIsImlhdCI6MTUzOTgzODY0NywibmJmIjoxNTM5ODM4NjQ3LCJleHAiOjE1NDAyNzA2NDcsInN1YiI6IjEwMTMwIiwic2NvcGVzIjpbXX0.L5QDT2SbwbjtFIA-PEg9fmVqV4HbWBSc4lR9Bl3LcQJrktJ87jqxPkGk0l1FzHSiuAxKf_1M_UhNWGdWkb5tDiIkr3Oz__19MOeFTZKwFHRFbzbV7TK7BTc3NAQoAKfw-QFy0zkC07WIr_EJMG_RW2FtSKfVRzA0g4sn8l3wH2ZOHjWldggGpkpgtrfpTNnhWsC261HkYHPMG3ODWswLCnHQzG_VklKGCvPxH_V68Q9CFucvyoDi8nczlEorKRnPuot6I69g8cA9wvDHpKtW7onmQetrvcSwmkgWvncdqVI2yOFRzoFVaPaQ1sj_IFLIbB2ZSwJvTUwL0kUktzsc9jrY4fdbvF6qHV1BOGMJQVobNN1t-kt0pccMBJwedRqJtbRaPiK9KOqZRkpryaCcBd-A2erqZKFUaZMUfQUYyj532oG7HWeiKWp4YSUuUkKxDiwyn0jzHBGQICJ48z2RUehdV51VfAyJxvZAsnR_ANdfmfRrmGGMdqunk1fz4-veGxn3rejcTy3iphWOMy96VChbvvS3pBUi5DQgofn24YYINYV2I2WWaqEgWP2pSB9LKqLO-GcDnza0QhCJ2UIZeYcbkwaFdmsj41onJ2-Vl2BnI-WSpU067zKQTnGkHEUWG3pPMslxB95Hflw8Rr5OzNLL69TsagnxaSyzqMdWPEw",
        "refresh_token": "def50200340b2a8efdeea15b96ac09feb4fc2344e058ba3c1a78cba65e766b951f967cd5c9912540c3c21743a142fe4a3f8c58fd566193eb1e3d8c80165dcb50ea309c9ba07b8480050ec7a6b2acf16bb18d466938080b8a05990b324a26f447079f809fc1b8f6033f0d8c309de35718f2848cca2c991111cc2a83b97d8325c49195881a122b803b5e80c05e807d706951a85fd1775b7f070dda197239f9eb1bd0b19ea0ef6c73aadc5edb1d0e17b35bcc2d09ef0e7c699367263bc81090879d96733a5aaed3fdb29ac606f9cb7fc21e7f98e853688928f80ecd0ae2bba6b2126a48713bffabd72f0dfd99a1396d4818836dd65bbfafe40d4133962ca4eddc4a3f5dd50bd9dcd818ff4616b0c6e2e64fdd71d802ef7f19b7bb599059add5af4338b76a1546456ced8f521cc9848a77b3026dd800c8a3b3442410cc8c126761766ebfdc50381f9496cebbc1b7cdad6da2c6217c388cae0767dcb58ead015a229d22adb9b7d60425d981fd895a4105cc159554d1f41c675fbd179511c3977c14da870d39e27c6f4f1e"
    }
}

1
2
3
4
5
6
7
8

Error Response

401

Reason the refresh token was revoked

Example response

{
    "errors": {
        "error": "invalid_request",
        "message": "The refresh token is invalid.",
        "hint": "Token has been revoked"
    }
}

1
2
3
4
5
6
7

Reason the client credentials or refresh token content is invalid

Example response

{
    "message": "The client information or the refresh token you provided is invalid."
}

1
2
3

Reason the refresh token is invalid

Example response

{
    "errors": {
        "error": "invalid_request",
        "message": "The refresh token is invalid.",
        "hint": "Cannot decrypt the refresh token"
    }
}

1
2
3
4
5
6
7

Reason unknown scope

Example response

{
    "errors": {
        "error": "invalid_scope",
        "message": "The requested scope is invalid, unknown, or malformed",
        "hint": "Check the `test` scope"
    }
}

1
2
3
4
5
6
7

422

Reason invalid scope

Example response

{
    "message": "The given data was invalid.",
    "errors": {
        "scope": [
            "The scope must be a string."
        ]
    }
}

1
2
3
4
5
6
7
8

References

Refresh token specification

# Obtain Access Token From Refresh Token

# Endpoint

# Data Params

# Request & Response Examples

# Successful Response

# 200

# Error Response

# 401

# 422

# References

Obtain Access Token From Refresh Token

Endpoint

Data Params

Request & Response Examples

Successful Response

200

Error Response

401

422

References