A WimTV API can be public or private.

The public APIs (path /api/public/…​) can access only the public data.
If you want to use a public API, you should request a public access token through by the client credentials (the client id and eventually the client secret).

The private APIs (path /api/…​) can access the private data of a specific user.
If you want to use a private API, you should request a private access token through by the client credentials and also the user credentials (the user name and the password).

Gets a public access token

You can use a public access token to call a public API.

$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'grant_type=client_credentials'

Request headers

Name Description

Authorization

Basic auth credentials of the client.

Request parameters

Parameter Description

grant_type

Must be client_credentials.

Response

HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 679

{
  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g",
  "token_type" : "bearer",
  "expires_in" : 4,
  "scope" : "all",
  "jti" : "a5e3abee-836d-4ecd-9c04-078315c006f8"
}

Response fields

Path Type Description

access_token

String

Access token.

token_type

String

bearer

expires_in

Number

Validity of the access token (seconds).

scope

String

all

Gets a private access token

You can use a private access token to call a public or private API.

$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'username=john&password=secr3t&grant_type=password'

Request headers

Name Description

Authorization

Basic auth credentials of the client.

Request parameters

Parameter Description

username

Name of the user.

password

Password of the user.

grant_type

Must be password.

Response

HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Length: 1551
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8

{
  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY2NTAzNDUsInVzZXJfbmFtZSI6ImpvaG4iLCJhdXRob3JpdGllcyI6WyJCVU5ETEUiLCJMSUNFTlNFRSIsIk1BUktFVCIsIlBST0dSQU1NSU5HIiwiVVBMT0FEIiwiNiIsIlNUUkVBTSIsIkxJVkVfU1RSRUFNIl0sImp0aSI6IjJmMTQ4NzAxLWNlNmUtNDNiNS04ZWViLTRmMzk0ZGJlNGI4NyIsImNsaWVudF9pZCI6InRlc3QiLCJzY29wZSI6WyJhbGwiXX0.fl47ycHmHitfp0T3qpfVYJvr4fMSpnHXn3YAxEs5fTwS-jpQeee1_M-Njt8wUOtNXLKZPsXyM3LRq5hwOx7MjF4bdmCv9L3AeND5MoqmicaUJki_zQ77B907zPKgjdNwtW44VvTC2au1T-0gGgYDmfl-SMmyvZH5vxa-fgXxkWK-ehzZtwnA11zNSr-gdsREStXvffVj-VInZ1V9Oz2cNZFMhySO1pVYkXPY8p7PUz2k43hK3gNEbRh5-IE3FzyVir6m9cEJK506Ee--an_S5yKusQ37Ck1icSHFSC41GqWd1jxDSbGhsqodzZmIACeHwzwSihUpYj__cranXvpnYQ",
  "token_type" : "bearer",
  "refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjJmMTQ4NzAxLWNlNmUtNDNiNS04ZWViLTRmMzk0ZGJlNGI4NyIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.aIG2a5yO_Zl0HMBp1u_E7B2leNSvvohn1vGVLR5IVfnb8LU6LtjUMnzk_hCOnR77qf9xQllSMLxxE45ZE8NaetAUNzaXokVCWnWjvNN8fj3ggb4gmPPxYg7NdyfV8RIOr78YVPU09Pmh2xoXXbeyVwnhuks8rURRjVoN0gpkxN4MBOZBDRHHDIAaoWYm9VurGPJ5ViZdyYBtgGVGW7ta9_HeY3UPOwKQtqfFUppB6iGzhJg2WVF-Z5GElWj6mjjoAeYsvdQICsOCtGNEwfH7wYXM5H1oEF7hrmBG89jqjyDMxbRvutaOyvvtlJUJmz8pJ4fF5ngCXm_0bIpQRcSubw",
  "expires_in" : 4,
  "scope" : "all",
  "jti" : "2f148701-ce6e-43b5-8eeb-4f394dbe4b87"
}

Response fields

Path Type Description

access_token

String

Access token.

refresh_token

String

Refresh token.

token_type

String

bearer

expires_in

Number

Validity of the access token (seconds).

scope

String

all

Expired access token

When your access token expires, the API fails.

When you request a private access token, you get also a refresh token: when the access token expires, you should refresh it using the refresh token.

Response

HTTP/1.1 401 Unauthorized
Pragma: no-cache
Content-Length: 619
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
WWW-Authenticate: Bearer realm="oauth2-resource", error="invalid_token", error_description="Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8

{
  "error" : "invalid_token",
  "error_description" : "Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
}

Refreshes a private access token

When your private access token expires, you should use the refresh token to request a new private access token.

$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'grant_type=refresh_token&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjJmMTQ4NzAxLWNlNmUtNDNiNS04ZWViLTRmMzk0ZGJlNGI4NyIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.aIG2a5yO_Zl0HMBp1u_E7B2leNSvvohn1vGVLR5IVfnb8LU6LtjUMnzk_hCOnR77qf9xQllSMLxxE45ZE8NaetAUNzaXokVCWnWjvNN8fj3ggb4gmPPxYg7NdyfV8RIOr78YVPU09Pmh2xoXXbeyVwnhuks8rURRjVoN0gpkxN4MBOZBDRHHDIAaoWYm9VurGPJ5ViZdyYBtgGVGW7ta9_HeY3UPOwKQtqfFUppB6iGzhJg2WVF-Z5GElWj6mjjoAeYsvdQICsOCtGNEwfH7wYXM5H1oEF7hrmBG89jqjyDMxbRvutaOyvvtlJUJmz8pJ4fF5ngCXm_0bIpQRcSubw'

Request headers

Name Description

Authorization

Basic auth credentials of the client.

Request parameters

Parameter Description

grant_type

Must be refresh_token.

refresh_token

The refresh token.

Using the refresh token you avoid to transmit the user credentials and this is good for security.

Response

HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Length: 1551
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8

{
  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY2NTAzNTAsInVzZXJfbmFtZSI6ImpvaG4iLCJhdXRob3JpdGllcyI6WyJCVU5ETEUiLCJMSUNFTlNFRSIsIk1BUktFVCIsIlBST0dSQU1NSU5HIiwiVVBMT0FEIiwiNiIsIlNUUkVBTSIsIkxJVkVfU1RSRUFNIl0sImp0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImNsaWVudF9pZCI6InRlc3QiLCJzY29wZSI6WyJhbGwiXX0.eywcN0ak0rjS0eYYaT2HO7DN0zDHoziae3NdQ9jdarGMo5sPNtGIVH3f0L8-23oBjnuEeuZEAt2f0ezJ_xtMCb_Cdx4iJhxspvAZ0oZLO6MbuyKlanNg86EgYqmK04mCF5ghxaPgvYHqx0A3xVkAdlt1SlQIeVlXEabJf5ODCUqa4NtUwZy1ebIxd2cSJhMvNBz9bjqWWWzT1cI2YE1G9n6mTcUU9KiqivJVy0bWSg0z40obIfBnAxrb4thxcBi5e9xbnmeyYP0oFVRnKSiycCbRRhNJOY3QjS4PeXxGxyY56CgO_m42i16i5KeETPq4p8tpatbVv9nV46oHgVUi8A",
  "token_type" : "bearer",
  "refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A",
  "expires_in" : 4,
  "scope" : "all",
  "jti" : "11fbf56b-6851-4abd-825c-622268b63ebf"
}

Response fields

Path Type Description

access_token

String

Access token.

refresh_token

String

Refresh token.

token_type

String

bearer

expires_in

Number

Validity of the access token (seconds).

scope

String

all

The current OAUTH2 implementation may generate only a new access token and keep the same refresh token, but you should not rely on this behavior: the implementation could be changed.

Expired refresh token

When your refresh token expires, you should request another private access token.

Response

HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 815
Cache-Control: no-store
WWW-Authenticate: Bearer error="invalid_token", error_description="Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
Content-Type: application/json;charset=UTF-8

{
  "error" : "invalid_token",
  "error_description" : "Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
}

Calling an API without an access token

If you try to call an API without an access token, the API fails.

Response

HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 113

{
  "error" : "unauthorized",
  "error_description" : "Full authentication is required to access this resource"
}

Calling a private API with a public access token

If you try to call a private API with a public access token, the API fails.

Response

HTTP/1.1 403 Forbidden
Pragma: no-cache
Content-Length: 75
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8

{
  "error" : "access_denied",
  "error_description" : "Access is denied"
}

Bad client credentials

If you request an access token with bad client credentials, the API fails.

Response

HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Expires: 0
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
WWW-Authenticate: Basic realm="oauth2/client"

{
  "timestamp" : "1474095055437",
  "status" : 401,
  "error" : "Unauthorized",
  "message" : "Bad credentials",
  "path" : "/wimtv-server/oauth/token"
}

Bad user credentials

If you request an access token with bad user credentials, the API fails.

Response

HTTP/1.1 400 Bad Request
Content-Length: 74
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8

{
  "error" : "invalid_grant",
  "error_description" : "Bad credentials"
}

Invalid access token

If you use an invalid access token (or retry to use an expired access token), the API fails.

Response

HTTP/1.1 401 Unauthorized
Pragma: no-cache
Content-Length: 619
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
WWW-Authenticate: Bearer realm="oauth2-resource", error="invalid_token", error_description="Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8

{
  "error" : "invalid_token",
  "error_description" : "Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
}

Invalid refresh token

If you use an invalid refresh token (or retry to use an expired refresh token), the API fails.

Response

HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 815
Cache-Control: no-store
WWW-Authenticate: Bearer error="invalid_token", error_description="Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
Content-Type: application/json;charset=UTF-8

{
  "error" : "invalid_token",
  "error_description" : "Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
}