Description: Refreshes an existing access token without having to provide the old token. The Refresh Token is the same API endpoint as Create Token, with a specific grant type: refresh_token.
Since: 7.37.9
Security: Requires a valid admin-scoped token.
Usage: POST /access/api/v1/tokens
Authorization: <authorization header value>
Content-Type: application/x-www-form-urlencoded
Produces: application/json (see Create Token)
Note
Requires authentication using credentials or an access token.
The refresh token must be valid (i.e., must exist and not be expired)
The authenticated user must match the user of the access token being refreshed (identified by the refresh token)
Note
Starting from Artifactory version 7.59.5, it is possible to enable a 'grace period' in which you will be able to refresh a token that has expired using the Refresh Token REST API.
To enable it, set the refresh-expiry parameter in your system configuration file with the length of the grace period in seconds.
Sample Usage:
200
{
"token_id": "<id>"
"access_token": "<access-token>",
// optional
"expires_in": <expiry>, // optional
"grant_type": "refresh_token",
"refresh_token": "<refresh-token>"
}This endpoint takes the following parameters:
| Should be set to |
| The value of refresh token of the access token that needs to be refreshed: |
For all other parameters, see Create Token.
Errors:
400: If the token was created by a different Artifactory instance (and therefore cannot be refreshed)