Description: Refreshes an existing access token without having to provide the old token. The Refresh Token is the same API endpoint as Create Token, with a specific grant type: refresh_token
.
Since: 7.37.9
Security: Requires a valid token.
Usage: POST /access/api/v1/tokens
Authorization: <authorization header value>
Content-Type: application/x-www-form-urlencoded and application/json
Produces: application/json (see Create Token)
Note
The authenticated user must match the user of the access token being refreshed (identified by the refresh token)
Starting from Artifactory version 7.59.5, it is possible to enable a grace period in which you will be able to refresh a token that has expired using the Refresh Token REST API.
To enable it, set the
refresh-expiry
parameter in your system configuration file with the length of the grace period in seconds.
Sample Usage:
curl -H "Authorization: Bearer <valid access token>" -XPOST "http://localhost:8082/access/api/v1/tokens" -d "grant_type=refresh_token" -d "refresh_token=<refresh-token>" 200 { "token_id": "<id>" "access_token": "<access-token>", "expires_in": <expiry>, // optional "grant_type": "refresh_token", "refresh_token": "<refresh-token>" }
This endpoint takes the following parameters.
| Should be set to |
| The value of refresh token of the access token that needs to be refreshed: |
For all other parameters, see see Create Token.
Errors:
400: If the token was created by a different Artifactory instance (and therefore cannot be refreshed)