A WimTV API can be public or private.
The public APIs (path /api/public/…) can access only the public data.
If you want to use a public API, you should request a
public access token through by the client credentials (the
client id and eventually the client secret).
The private APIs (path /api/…) can access the private data of a specific
user.
If you want to use a private API, you should request a
private access token through by the client credentials and
also the user credentials (the user name and the password).
Gets a public access token
You can use a public access token to call a public API.
$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials'Request headers
| Name | Description |
|---|---|
|
Basic auth credentials of the client. |
Request parameters
| Parameter | Description |
|---|---|
|
Must be |
Response
HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 679
{
"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNzgxMjYxNjYwLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImI5ZGIwZjJiLTI4YzYtNGNjYS04MmM2LWZkOTFlNDE3NWM2MCIsImNsaWVudF9pZCI6InRlc3QifQ.iqoX74HIBJ925eryhwglyvD4efLS18sdCKf-B8WZH8s9GDyvs5QWhF9iq0SZN3L2J9BzJGgpKU8EDfz0o97VOAJRt8mZCVHiehas7mEQ2gQ5q9_cmPNEd3WpGXYB_mHaqqKVdCRwrzPiuCEAHFZVUG7ALdTU57l2ofeKimQig9ehr46-bld2-b6ZlSh42rDSbb0vcPIovmJ4HEmHZ49cldK_W4KqWHFQMn7Cls1V-U1ZwFwhmIHr_k-q7QIM4pu_W7jQ3tEz_rVZHB_vasTS82FIMy_h6IFmrA84IrnDupJgbM43bUhT2IMw3WAZLiq6Yr9IMNft6a593uVu4RicQQ",
"token_type" : "bearer",
"expires_in" : 4,
"scope" : "all",
"jti" : "b9db0f2b-28c6-4cca-82c6-fd91e4175c60"
}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Access token. |
|
|
|
|
|
Validity of the access token (seconds). |
|
|
|
Gets a private access token
You can use a private access token to call a public or private API.
$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=john&password=secr3t&grant_type=password'Request headers
| Name | Description |
|---|---|
|
Basic auth credentials of the client. |
Request parameters
| Parameter | Description |
|---|---|
|
Name of the user. |
|
Password of the user. |
|
Must be |
Response
HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Length: 1551
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3ODEyNjE2NDQsInVzZXJfbmFtZSI6ImpvaG4iLCJhdXRob3JpdGllcyI6WyJCVU5ETEUiLCJMSUNFTlNFRSIsIk1BUktFVCIsIlBST0dSQU1NSU5HIiwiVVBMT0FEIiwiNiIsIlNUUkVBTSIsIkxJVkVfU1RSRUFNIl0sImp0aSI6ImViYTAxMjI1LWQzYzAtNGE5NC1hMWIzLWI1MTNjOTBiNDQ1NSIsImNsaWVudF9pZCI6InRlc3QiLCJzY29wZSI6WyJhbGwiXX0.y9ncwQiXzT8th2E4UVoQ6MDlYrW_V6skrpYQebnLbznQwmrrrInXNTD9Io329DrsawgqtUd1N4gj-Jkf9ZTraTsE2wIK7i5JI9QJ_B_A6CgN_zx4lNxm5zHLjqsoZq_WOMo552aVEG8ToLw-Jq0uZQ5oXY_tLLHiJwh85QTPROMvaPoHusDD1S_QnberBSnIhaMTqdvWsqr7mgxqlEjxzelk6x7TVTNqobooT-BWc3Oa30J7UcpvLGPwWJg2TxEKQBiAXjcfFam0iR4jtqCCVVNi9xBdFU0qfBQQ19wxKHgcTYTNU54gx1o04jgePznwQ3pCLDVzyun6d-K1ww57oQ",
"token_type" : "bearer",
"refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImViYTAxMjI1LWQzYzAtNGE5NC1hMWIzLWI1MTNjOTBiNDQ1NSIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.e8LhvsDMApYPOqeWpzinBs4l7U6bvY_8HLXRUBr16wCuQIMS3trBk9M6zAiTOPXdJPXcgfNELdoWr26mwXnfnUGenDpFj_tEK0vUrCE27801UpBdoQl07orIvPDWFhJrZXOzGSz_WdBeRIVf-XB6St02Fwmnc2kxOIc4eAJpywF73k8aFi9n5abQCKv-dBF_1uxOS1MgS49ur5m5WaUWSEzYt1ADQJ1XiM9J_GsP8Ei7NrjDhIriZnwH_vYyc_r8a8tv579lDXv7_Ul0ilF0j05toZIdUizbTG32VQFD9KcqZIq4_IDfDE3dQDbHaox4v_cWBxwWIQlFeqdLF9OaNw",
"expires_in" : 4,
"scope" : "all",
"jti" : "eba01225-d3c0-4a94-a1b3-b513c90b4455"
}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Access token. |
|
|
Refresh token. |
|
|
|
|
|
Validity of the access token (seconds). |
|
|
|
Expired access token
When your access token expires, the API fails.
| When you request a private access token, you get also a refresh token: when the access token expires, you should refresh it using the refresh token. |
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
Content-Length: 619
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth2-resource", error="invalid_token", error_description="Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNzgxMjYxNjYwLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImI5ZGIwZjJiLTI4YzYtNGNjYS04MmM2LWZkOTFlNDE3NWM2MCIsImNsaWVudF9pZCI6InRlc3QifQ.iqoX74HIBJ925eryhwglyvD4efLS18sdCKf-B8WZH8s9GDyvs5QWhF9iq0SZN3L2J9BzJGgpKU8EDfz0o97VOAJRt8mZCVHiehas7mEQ2gQ5q9_cmPNEd3WpGXYB_mHaqqKVdCRwrzPiuCEAHFZVUG7ALdTU57l2ofeKimQig9ehr46-bld2-b6ZlSh42rDSbb0vcPIovmJ4HEmHZ49cldK_W4KqWHFQMn7Cls1V-U1ZwFwhmIHr_k-q7QIM4pu_W7jQ3tEz_rVZHB_vasTS82FIMy_h6IFmrA84IrnDupJgbM43bUhT2IMw3WAZLiq6Yr9IMNft6a593uVu4RicQQ"
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_token",
"error_description" : "Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNzgxMjYxNjYwLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImI5ZGIwZjJiLTI4YzYtNGNjYS04MmM2LWZkOTFlNDE3NWM2MCIsImNsaWVudF9pZCI6InRlc3QifQ.iqoX74HIBJ925eryhwglyvD4efLS18sdCKf-B8WZH8s9GDyvs5QWhF9iq0SZN3L2J9BzJGgpKU8EDfz0o97VOAJRt8mZCVHiehas7mEQ2gQ5q9_cmPNEd3WpGXYB_mHaqqKVdCRwrzPiuCEAHFZVUG7ALdTU57l2ofeKimQig9ehr46-bld2-b6ZlSh42rDSbb0vcPIovmJ4HEmHZ49cldK_W4KqWHFQMn7Cls1V-U1ZwFwhmIHr_k-q7QIM4pu_W7jQ3tEz_rVZHB_vasTS82FIMy_h6IFmrA84IrnDupJgbM43bUhT2IMw3WAZLiq6Yr9IMNft6a593uVu4RicQQ"
}Refreshes a private access token
When your private access token expires, you should use the refresh token to request a new private access token.
$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImViYTAxMjI1LWQzYzAtNGE5NC1hMWIzLWI1MTNjOTBiNDQ1NSIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.e8LhvsDMApYPOqeWpzinBs4l7U6bvY_8HLXRUBr16wCuQIMS3trBk9M6zAiTOPXdJPXcgfNELdoWr26mwXnfnUGenDpFj_tEK0vUrCE27801UpBdoQl07orIvPDWFhJrZXOzGSz_WdBeRIVf-XB6St02Fwmnc2kxOIc4eAJpywF73k8aFi9n5abQCKv-dBF_1uxOS1MgS49ur5m5WaUWSEzYt1ADQJ1XiM9J_GsP8Ei7NrjDhIriZnwH_vYyc_r8a8tv579lDXv7_Ul0ilF0j05toZIdUizbTG32VQFD9KcqZIq4_IDfDE3dQDbHaox4v_cWBxwWIQlFeqdLF9OaNw'Request headers
| Name | Description |
|---|---|
|
Basic auth credentials of the client. |
Request parameters
| Parameter | Description |
|---|---|
|
Must be |
|
The refresh token. |
| Using the refresh token you avoid to transmit the user credentials and this is good for security. |
Response
HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Length: 1551
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3ODEyNjE2NDksInVzZXJfbmFtZSI6ImpvaG4iLCJhdXRob3JpdGllcyI6WyJCVU5ETEUiLCJMSUNFTlNFRSIsIk1BUktFVCIsIlBST0dSQU1NSU5HIiwiVVBMT0FEIiwiNiIsIlNUUkVBTSIsIkxJVkVfU1RSRUFNIl0sImp0aSI6ImM5NWI0MzM3LWJkNWQtNDkzYy05MzFiLWVlMjdkZTg2NmFmOCIsImNsaWVudF9pZCI6InRlc3QiLCJzY29wZSI6WyJhbGwiXX0.g3AZ3lpwcvttlRp5YyV7oDefy86HjblTUzFB1BK2dBovT-3kO11LcPXobyECp1k0xTMKt_du_CGH40rr0PCK-Exv9XDcuGr075Pe6ZO8NZjTCuZSiOs-wS98MUDbM1Lg7voTbulFY__KXtkBWHNz20npaM7XMZEUdhi0l9KRoilQY3sG7AfMRbD7eqkr87lPNWERYziD884-Jvnu3Ss9KryTU0A6ggKkVcJpF_NhvepkIhqt5hYGTw6Txiuuf6xwaGglXpFJnNp8-Ic1nHAvrjb_4DxDipNdTELXouvwwGsAJGDmsfLfeH79SHv8beEx5AsZD1Q1dfWoKneUkITOLQ",
"token_type" : "bearer",
"refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImM5NWI0MzM3LWJkNWQtNDkzYy05MzFiLWVlMjdkZTg2NmFmOCIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.c_wWxWoPjFkqSGm7GStsSZ3ARETSDwsnQyC86X9dq0viAzHmzK16iBdaOuGrtzWbA5DPPFATH3rnALyf82t5HJ27Iy3G3dvdtxSjSXncWWy5_8bX6GwePr6daVIO-4hdW8rN1eAXVYlh3bdYJGIGrXD7fOCWUiFkOAD6pS0WfDK1Ru-UUEjYOcYzuFmXSHFV4AZsjsu-y3gWBrluCySHibRXNaGkF9QKAo6MCsXqzi2UX05M3m52XLRJ5sOoouZt5k3Idkh2VQA2U1mc-MmcrplUVEAcJ0aEUEjyff-yufmF_545CVlVMTlW3D6DAmNK5bzg17fipnDr3aSUO6Z2BQ",
"expires_in" : 4,
"scope" : "all",
"jti" : "c95b4337-bd5d-493c-931b-ee27de866af8"
}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Access token. |
|
|
Refresh token. |
|
|
|
|
|
Validity of the access token (seconds). |
|
|
|
| The current OAUTH2 implementation may generate only a new access token and keep the same refresh token, but you should not rely on this behavior: the implementation could be changed. |
Expired refresh token
When your refresh token expires, you should request another private access token.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 815
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
WWW-Authenticate: Bearer error="invalid_token", error_description="Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImM5NWI0MzM3LWJkNWQtNDkzYy05MzFiLWVlMjdkZTg2NmFmOCIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.c_wWxWoPjFkqSGm7GStsSZ3ARETSDwsnQyC86X9dq0viAzHmzK16iBdaOuGrtzWbA5DPPFATH3rnALyf82t5HJ27Iy3G3dvdtxSjSXncWWy5_8bX6GwePr6daVIO-4hdW8rN1eAXVYlh3bdYJGIGrXD7fOCWUiFkOAD6pS0WfDK1Ru-UUEjYOcYzuFmXSHFV4AZsjsu-y3gWBrluCySHibRXNaGkF9QKAo6MCsXqzi2UX05M3m52XLRJ5sOoouZt5k3Idkh2VQA2U1mc-MmcrplUVEAcJ0aEUEjyff-yufmF_545CVlVMTlW3D6DAmNK5bzg17fipnDr3aSUO6Z2BQ"
{
"error" : "invalid_token",
"error_description" : "Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImM5NWI0MzM3LWJkNWQtNDkzYy05MzFiLWVlMjdkZTg2NmFmOCIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.c_wWxWoPjFkqSGm7GStsSZ3ARETSDwsnQyC86X9dq0viAzHmzK16iBdaOuGrtzWbA5DPPFATH3rnALyf82t5HJ27Iy3G3dvdtxSjSXncWWy5_8bX6GwePr6daVIO-4hdW8rN1eAXVYlh3bdYJGIGrXD7fOCWUiFkOAD6pS0WfDK1Ru-UUEjYOcYzuFmXSHFV4AZsjsu-y3gWBrluCySHibRXNaGkF9QKAo6MCsXqzi2UX05M3m52XLRJ5sOoouZt5k3Idkh2VQA2U1mc-MmcrplUVEAcJ0aEUEjyff-yufmF_545CVlVMTlW3D6DAmNK5bzg17fipnDr3aSUO6Z2BQ"
}Calling an API without an access token
If you try to call an API without an access token, the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 113
{
"error" : "unauthorized",
"error_description" : "Full authentication is required to access this resource"
}Calling a private API with a public access token
If you try to call a private API with a public access token, the API fails.
Response
HTTP/1.1 403 Forbidden
Pragma: no-cache
Content-Length: 75
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "access_denied",
"error_description" : "Access is denied"
}Bad client credentials
If you request an access token with bad client credentials, the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Expires: 0
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
WWW-Authenticate: Basic realm="oauth2/client"
{
"timestamp" : "1474095055437",
"status" : 401,
"error" : "Unauthorized",
"message" : "Bad credentials",
"path" : "/wimtv-server/oauth/token"
}Bad user credentials
If you request an access token with bad user credentials, the API fails.
Response
HTTP/1.1 400 Bad Request
Content-Length: 74
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_grant",
"error_description" : "Bad credentials"
}Invalid access token
If you use an invalid access token (or retry to use an expired access token), the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
Content-Length: 619
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth2-resource", error="invalid_token", error_description="Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNzgxMjYxNjYwLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImI5ZGIwZjJiLTI4YzYtNGNjYS04MmM2LWZkOTFlNDE3NWM2MCIsImNsaWVudF9pZCI6InRlc3QifQ.iqoX74HIBJ925eryhwglyvD4efLS18sdCKf-B8WZH8s9GDyvs5QWhF9iq0SZN3L2J9BzJGgpKU8EDfz0o97VOAJRt8mZCVHiehas7mEQ2gQ5q9_cmPNEd3WpGXYB_mHaqqKVdCRwrzPiuCEAHFZVUG7ALdTU57l2ofeKimQig9ehr46-bld2-b6ZlSh42rDSbb0vcPIovmJ4HEmHZ49cldK_W4KqWHFQMn7Cls1V-U1ZwFwhmIHr_k-q7QIM4pu_W7jQ3tEz_rVZHB_vasTS82FIMy_h6IFmrA84IrnDupJgbM43bUhT2IMw3WAZLiq6Yr9IMNft6a593uVu4RicQQ"
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_token",
"error_description" : "Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNzgxMjYxNjYwLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImI5ZGIwZjJiLTI4YzYtNGNjYS04MmM2LWZkOTFlNDE3NWM2MCIsImNsaWVudF9pZCI6InRlc3QifQ.iqoX74HIBJ925eryhwglyvD4efLS18sdCKf-B8WZH8s9GDyvs5QWhF9iq0SZN3L2J9BzJGgpKU8EDfz0o97VOAJRt8mZCVHiehas7mEQ2gQ5q9_cmPNEd3WpGXYB_mHaqqKVdCRwrzPiuCEAHFZVUG7ALdTU57l2ofeKimQig9ehr46-bld2-b6ZlSh42rDSbb0vcPIovmJ4HEmHZ49cldK_W4KqWHFQMn7Cls1V-U1ZwFwhmIHr_k-q7QIM4pu_W7jQ3tEz_rVZHB_vasTS82FIMy_h6IFmrA84IrnDupJgbM43bUhT2IMw3WAZLiq6Yr9IMNft6a593uVu4RicQQ"
}Invalid refresh token
If you use an invalid refresh token (or retry to use an expired refresh token), the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 815
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
WWW-Authenticate: Bearer error="invalid_token", error_description="Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImM5NWI0MzM3LWJkNWQtNDkzYy05MzFiLWVlMjdkZTg2NmFmOCIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.c_wWxWoPjFkqSGm7GStsSZ3ARETSDwsnQyC86X9dq0viAzHmzK16iBdaOuGrtzWbA5DPPFATH3rnALyf82t5HJ27Iy3G3dvdtxSjSXncWWy5_8bX6GwePr6daVIO-4hdW8rN1eAXVYlh3bdYJGIGrXD7fOCWUiFkOAD6pS0WfDK1Ru-UUEjYOcYzuFmXSHFV4AZsjsu-y3gWBrluCySHibRXNaGkF9QKAo6MCsXqzi2UX05M3m52XLRJ5sOoouZt5k3Idkh2VQA2U1mc-MmcrplUVEAcJ0aEUEjyff-yufmF_545CVlVMTlW3D6DAmNK5bzg17fipnDr3aSUO6Z2BQ"
{
"error" : "invalid_token",
"error_description" : "Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6ImM5NWI0MzM3LWJkNWQtNDkzYy05MzFiLWVlMjdkZTg2NmFmOCIsImV4cCI6MTc4MTI2MTY0OSwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiJlYmUzMjdmZi0zNjAyLTQwOWEtOTZlYy01ZmFhYTVkNGZjNTEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.c_wWxWoPjFkqSGm7GStsSZ3ARETSDwsnQyC86X9dq0viAzHmzK16iBdaOuGrtzWbA5DPPFATH3rnALyf82t5HJ27Iy3G3dvdtxSjSXncWWy5_8bX6GwePr6daVIO-4hdW8rN1eAXVYlh3bdYJGIGrXD7fOCWUiFkOAD6pS0WfDK1Ru-UUEjYOcYzuFmXSHFV4AZsjsu-y3gWBrluCySHibRXNaGkF9QKAo6MCsXqzi2UX05M3m52XLRJ5sOoouZt5k3Idkh2VQA2U1mc-MmcrplUVEAcJ0aEUEjyff-yufmF_545CVlVMTlW3D6DAmNK5bzg17fipnDr3aSUO6Z2BQ"
}