A WimTV API can be public or private.
The public APIs (path /api/public/…) can access only the public data.
If you want to use a public API, you should request a
public access token through by the client credentials (the
client id and eventually the client secret).
The private APIs (path /api/…) can access the private data of a specific
user.
If you want to use a private API, you should request a
private access token through by the client credentials and
also the user credentials (the user name and the password).
Gets a public access token
You can use a public access token to call a public API.
$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials'Request headers
| Name | Description |
|---|---|
|
Basic auth credentials of the client. |
Request parameters
| Parameter | Description |
|---|---|
|
Must be |
Response
HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 679
{
"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g",
"token_type" : "bearer",
"expires_in" : 4,
"scope" : "all",
"jti" : "a5e3abee-836d-4ecd-9c04-078315c006f8"
}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Access token. |
|
|
|
|
|
Validity of the access token (seconds). |
|
|
|
Gets a private access token
You can use a private access token to call a public or private API.
$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=john&password=secr3t&grant_type=password'Request headers
| Name | Description |
|---|---|
|
Basic auth credentials of the client. |
Request parameters
| Parameter | Description |
|---|---|
|
Name of the user. |
|
Password of the user. |
|
Must be |
Response
HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Length: 1551
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY2NTAzNDUsInVzZXJfbmFtZSI6ImpvaG4iLCJhdXRob3JpdGllcyI6WyJCVU5ETEUiLCJMSUNFTlNFRSIsIk1BUktFVCIsIlBST0dSQU1NSU5HIiwiVVBMT0FEIiwiNiIsIlNUUkVBTSIsIkxJVkVfU1RSRUFNIl0sImp0aSI6IjJmMTQ4NzAxLWNlNmUtNDNiNS04ZWViLTRmMzk0ZGJlNGI4NyIsImNsaWVudF9pZCI6InRlc3QiLCJzY29wZSI6WyJhbGwiXX0.fl47ycHmHitfp0T3qpfVYJvr4fMSpnHXn3YAxEs5fTwS-jpQeee1_M-Njt8wUOtNXLKZPsXyM3LRq5hwOx7MjF4bdmCv9L3AeND5MoqmicaUJki_zQ77B907zPKgjdNwtW44VvTC2au1T-0gGgYDmfl-SMmyvZH5vxa-fgXxkWK-ehzZtwnA11zNSr-gdsREStXvffVj-VInZ1V9Oz2cNZFMhySO1pVYkXPY8p7PUz2k43hK3gNEbRh5-IE3FzyVir6m9cEJK506Ee--an_S5yKusQ37Ck1icSHFSC41GqWd1jxDSbGhsqodzZmIACeHwzwSihUpYj__cranXvpnYQ",
"token_type" : "bearer",
"refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjJmMTQ4NzAxLWNlNmUtNDNiNS04ZWViLTRmMzk0ZGJlNGI4NyIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.aIG2a5yO_Zl0HMBp1u_E7B2leNSvvohn1vGVLR5IVfnb8LU6LtjUMnzk_hCOnR77qf9xQllSMLxxE45ZE8NaetAUNzaXokVCWnWjvNN8fj3ggb4gmPPxYg7NdyfV8RIOr78YVPU09Pmh2xoXXbeyVwnhuks8rURRjVoN0gpkxN4MBOZBDRHHDIAaoWYm9VurGPJ5ViZdyYBtgGVGW7ta9_HeY3UPOwKQtqfFUppB6iGzhJg2WVF-Z5GElWj6mjjoAeYsvdQICsOCtGNEwfH7wYXM5H1oEF7hrmBG89jqjyDMxbRvutaOyvvtlJUJmz8pJ4fF5ngCXm_0bIpQRcSubw",
"expires_in" : 4,
"scope" : "all",
"jti" : "2f148701-ce6e-43b5-8eeb-4f394dbe4b87"
}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Access token. |
|
|
Refresh token. |
|
|
|
|
|
Validity of the access token (seconds). |
|
|
|
Expired access token
When your access token expires, the API fails.
| When you request a private access token, you get also a refresh token: when the access token expires, you should refresh it using the refresh token. |
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
Content-Length: 619
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
WWW-Authenticate: Bearer realm="oauth2-resource", error="invalid_token", error_description="Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_token",
"error_description" : "Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
}Refreshes a private access token
When your private access token expires, you should use the refresh token to request a new private access token.
$ curl 'http://platform.wim.tv:8080/oauth/token' -i -u 'test:test_api' -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjJmMTQ4NzAxLWNlNmUtNDNiNS04ZWViLTRmMzk0ZGJlNGI4NyIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.aIG2a5yO_Zl0HMBp1u_E7B2leNSvvohn1vGVLR5IVfnb8LU6LtjUMnzk_hCOnR77qf9xQllSMLxxE45ZE8NaetAUNzaXokVCWnWjvNN8fj3ggb4gmPPxYg7NdyfV8RIOr78YVPU09Pmh2xoXXbeyVwnhuks8rURRjVoN0gpkxN4MBOZBDRHHDIAaoWYm9VurGPJ5ViZdyYBtgGVGW7ta9_HeY3UPOwKQtqfFUppB6iGzhJg2WVF-Z5GElWj6mjjoAeYsvdQICsOCtGNEwfH7wYXM5H1oEF7hrmBG89jqjyDMxbRvutaOyvvtlJUJmz8pJ4fF5ngCXm_0bIpQRcSubw'Request headers
| Name | Description |
|---|---|
|
Basic auth credentials of the client. |
Request parameters
| Parameter | Description |
|---|---|
|
Must be |
|
The refresh token. |
| Using the refresh token you avoid to transmit the user credentials and this is good for security. |
Response
HTTP/1.1 200 OK
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Length: 1551
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY2NTAzNTAsInVzZXJfbmFtZSI6ImpvaG4iLCJhdXRob3JpdGllcyI6WyJCVU5ETEUiLCJMSUNFTlNFRSIsIk1BUktFVCIsIlBST0dSQU1NSU5HIiwiVVBMT0FEIiwiNiIsIlNUUkVBTSIsIkxJVkVfU1RSRUFNIl0sImp0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImNsaWVudF9pZCI6InRlc3QiLCJzY29wZSI6WyJhbGwiXX0.eywcN0ak0rjS0eYYaT2HO7DN0zDHoziae3NdQ9jdarGMo5sPNtGIVH3f0L8-23oBjnuEeuZEAt2f0ezJ_xtMCb_Cdx4iJhxspvAZ0oZLO6MbuyKlanNg86EgYqmK04mCF5ghxaPgvYHqx0A3xVkAdlt1SlQIeVlXEabJf5ODCUqa4NtUwZy1ebIxd2cSJhMvNBz9bjqWWWzT1cI2YE1G9n6mTcUU9KiqivJVy0bWSg0z40obIfBnAxrb4thxcBi5e9xbnmeyYP0oFVRnKSiycCbRRhNJOY3QjS4PeXxGxyY56CgO_m42i16i5KeETPq4p8tpatbVv9nV46oHgVUi8A",
"token_type" : "bearer",
"refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A",
"expires_in" : 4,
"scope" : "all",
"jti" : "11fbf56b-6851-4abd-825c-622268b63ebf"
}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Access token. |
|
|
Refresh token. |
|
|
|
|
|
Validity of the access token (seconds). |
|
|
|
| The current OAUTH2 implementation may generate only a new access token and keep the same refresh token, but you should not rely on this behavior: the implementation could be changed. |
Expired refresh token
When your refresh token expires, you should request another private access token.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 815
Cache-Control: no-store
WWW-Authenticate: Bearer error="invalid_token", error_description="Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_token",
"error_description" : "Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
}Calling an API without an access token
If you try to call an API without an access token, the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 113
{
"error" : "unauthorized",
"error_description" : "Full authentication is required to access this resource"
}Calling a private API with a public access token
If you try to call a private API with a public access token, the API fails.
Response
HTTP/1.1 403 Forbidden
Pragma: no-cache
Content-Length: 75
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "access_denied",
"error_description" : "Access is denied"
}Bad client credentials
If you request an access token with bad client credentials, the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Expires: 0
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
WWW-Authenticate: Basic realm="oauth2/client"
{
"timestamp" : "1474095055437",
"status" : 401,
"error" : "Unauthorized",
"message" : "Bad credentials",
"path" : "/wimtv-server/oauth/token"
}Bad user credentials
If you request an access token with bad user credentials, the API fails.
Response
HTTP/1.1 400 Bad Request
Content-Length: 74
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_grant",
"error_description" : "Bad credentials"
}Invalid access token
If you use an invalid access token (or retry to use an expired access token), the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
Content-Length: 619
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
WWW-Authenticate: Bearer realm="oauth2-resource", error="invalid_token", error_description="Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_token",
"error_description" : "Access token expired: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ2NjUwMzYxLCJhdXRob3JpdGllcyI6WyI0Il0sImp0aSI6ImE1ZTNhYmVlLTgzNmQtNGVjZC05YzA0LTA3ODMxNWMwMDZmOCIsImNsaWVudF9pZCI6InRlc3QifQ.Qu1Z89NpLr0BBjQAxw5RRuRXYLAwB_m6VzAqEWQKcFKQGdgdhtG1rNxVz3GTIvZ2g7qApr1RYX85H8HqlR33XOogQ4PSBbejDZbuJ3UdB8E5GysyqGzwDHkl2_VMmcHznYTNN6cf2_F0gklaALK90ysNM3wipDF01tJQYovNzm_XWiX67pKfBstZqRqLp-sCzjynBdbm2RXMcDpUzSGprLKOsWLv3EXmIUaePZsEXRUiSsOObpPXKcdh3W98lo5eEMoirz1Pzgw_3jLPXAPRabvpMZKGPCCIHhq_wiwwwHaj4yfE9Mm5XBoKWQHfSp24XKL2JSo8ohi5Ivnha3CH2g"
}Invalid refresh token
If you use an invalid refresh token (or retry to use an expired refresh token), the API fails.
Response
HTTP/1.1 401 Unauthorized
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 815
Cache-Control: no-store
WWW-Authenticate: Bearer error="invalid_token", error_description="Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_token",
"error_description" : "Invalid refresh token (expired): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiYWxsIl0sImF0aSI6IjExZmJmNTZiLTY4NTEtNGFiZC04MjVjLTYyMjI2OGI2M2ViZiIsImV4cCI6MTY0NjY1MDM1MCwiYXV0aG9yaXRpZXMiOlsiQlVORExFIiwiTElDRU5TRUUiLCJNQVJLRVQiLCJQUk9HUkFNTUlORyIsIlVQTE9BRCIsIjYiLCJTVFJFQU0iLCJMSVZFX1NUUkVBTSJdLCJqdGkiOiIyNWYwNjQ0My1jOWJjLTRmOTItOGU2ZC04YThhODI5ODM0MmEiLCJjbGllbnRfaWQiOiJ0ZXN0In0.q4spukZnv31MPwXYnwqD-uxvbm2pAzZsl7imoSPuGEhLUnSWy4BYAl3J2h12XIbGxVJtA7oZknAr52eVycFqeNdxEBok3SLUfJ3JCZ5FIY4fEqUCNYNwGjzMqHlXwabWtumKjR9g0uoZcbxmQdk6eX-jxraq8UZxY0ei9Na0DMNdI9zue_me_nPnqtlMamNbs7U1bA_wqbfDotDP4aTRTydWw8RviWZfgXKPqizzQeszabwsClA7ISyCto19dXZ9E6F0uMlisa-BCWAfSYxeF9aFhQJsbnUWjnwYsMB0CeLXN-olb-Ui4HfR4ks26DIUTGKfswXHeG2yHeThPAXh3A"
}