5.1.2 Refresh a JWT

Title

Refresh a previously issued JWT

URL Path

/api/user/refreshToken

Method

POST

Summary

Refresh an expired JWT using the refresh token previously obtained by 5.1.1 Obtain a JWT. If the refresh token has already expired you will be required to authenticate again using your username and password as described in 5.1.1 Obtain a JWT.

A third-party application that needs persistent connectivity with MetaDefender for Secure Storage should implement a timeout mechanism that calls this endpoint once the JWT has expired but before the refresh token expires, so that the refresh token is renewed before it lapses.

Sample HTTP body

{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiI1ZGVlOWY0NjgwM2NhNjAwMDdmNDZiODgiLCJ1bmlxdWVfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBhZG1pbiIsIm5iZiI6MDU3NjA5MDA3MSwiZXhwIjoxNTc2MDkzNjcxLCJpYXQiOjE1NzYwOTAwNzF9.u7i4ssMIJePETl3cZ8hnH4B9YmBs_q5Ll9mMlRxQYRg",
"refreshToken": "2XYnghwh3g16QXbU0+8I6+bZvmfGzrzamlFgkokYtDY="
}

Description of request

accessToken

The expired JWT accessToken

string value

refreshToken

The refresh token used to retrieve a new accessToken

string value

Request Errors

400 Bad Request

Invalid HTTP request

401 Unauthorized

The refreshToken has expired

500 Internal Server Error

Server is temporarily unavailable

Response

Example of a successful request:

{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiI1ZGVlOWY0NjgwM2NhNjAwMDdmNDZiODgiLCJ1bmlxdWVfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBhZG1pbiIsIm5iZiI6MTU3NjA5Mjk0MiwiZXhwIjoxNTc2MDk2NTQyLCJpYXQiOjE1NzYwOTI5NDJ9.C36-hvFcKdBUNOQ-r-253jdqI5rxfcs2POF9z0kIUTs",
"accessTokenExpiryTime": "2020-07-09T23:12:29.3560169Z",
"refreshToken": "i1j00vruJJ1FfnFSTDcwC62KPeZu3n7A45v6+eGwxPA=",
"refreshTokenExpiryTime": "2020-07-09T23:12:29.3560169Z",
"responseKey": "SUCCESS",
"responseMessage": "Successful request"
}

Description of response

accessToken

JWT token

The new JWT Bearer

accessTokenExpiryTime

Access token’s expiration time (UTC)

The expiration time of the given access token

refreshToken

Refresh token

Refresh token used for the next round of refreshing

refreshTokenExpiryTime

Refresh token’s expiration time (UTC)

The expiration time of the given refresh token

responseKey

Response message key

A message key that can be used for internationalization

responseMessage

Response message

A message describing the result of the request
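
An added example (not part of the product documentation) of the timeout mechanism described in the Summary: it parses expiry timestamps in the seven-fractional-digit form shown in the sample response, decides whether to keep using the JWT, refresh it, or re-authenticate, and posts the token pair to this endpoint. The `base_url` parameter, the 60-second margin, the JSON `Content-Type` header and all function names are assumptions.

```python
import json
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

REFRESH_PATH = "/api/user/refreshToken"  # URL path from this page


def parse_expiry(value: str) -> datetime:
    """Parse UTC timestamps such as 2020-07-09T23:12:29.3560169Z."""
    head, _, frac = value.rstrip("Z").partition(".")
    micros = int((frac + "000000")[:6])  # 7 digits -> the 6 that datetime keeps
    base = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)


def next_action(now, tokens, margin=timedelta(seconds=60)):
    """Return 'use', 'refresh' or 'reauthenticate' for the stored token pair."""
    access_exp = parse_expiry(tokens["accessTokenExpiryTime"])
    refresh_exp = parse_expiry(tokens["refreshTokenExpiryTime"])
    if now >= refresh_exp:
        return "reauthenticate"  # too late to refresh: log in again (5.1.1)
    if now >= min(access_exp, refresh_exp) - margin:
        return "refresh"  # JWT (nearly) expired, refresh token still valid
    return "use"


def refresh(base_url, tokens, opener=urllib.request.urlopen):
    """POST the current pair; return the new pair, or None on 401."""
    body = json.dumps({"accessToken": tokens["accessToken"],
                       "refreshToken": tokens["refreshToken"]}).encode()
    req = urllib.request.Request(base_url + REFRESH_PATH, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})  # assumed
    try:
        with opener(req, timeout=10) as resp:
            new = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 401:  # the refreshToken has expired
            return None
        raise  # 400 / 500: surface to the caller instead of retrying blindly
    if new.get("responseKey") != "SUCCESS":
        raise RuntimeError("refresh rejected: %s" % new.get("responseKey"))
    return new


if __name__ == "__main__":
    sample = {"accessTokenExpiryTime": "2020-07-09T23:12:29.3560169Z",  # constructed
              "refreshTokenExpiryTime": "2020-07-10T23:12:29.3560169Z"}
    print(next_action(datetime(2020, 7, 9, 23, 12, tzinfo=timezone.utc), sample))
```

Replace the stored pair with the returned one after every successful call, since each response carries the refresh token for the next round.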