Documentation - Refresh Token Authentication

POST /auth/token

Request Information

As defined in the OAuth 2.0 protocol, the token request needs to be formatted as application/x-www-form-urlencoded.

Resource Description

Name	Description	Type	Additional information
client_id	The unique identifier assigned to your application.	string	Required. Use HTTP Basic Authentication as stated in the Note section below.
client_secret	The password for your application.	string	Required. Use HTTP Basic Authentication as stated in the Note section below.
refresh_token	The refresh token received from the previous token request.	string	Required
grant_type	MUST be set to "refresh_token".	string	Required
scope	Specifies the set of operations the requested access token should be permitted to use. When requesting multiple scopes, the value must be expressed as a list of space-delimited API scopes.	string	Required. See Service Extensions and Scopes for further details.

Note

It is recommended to use the HTTP Basic Authentication scheme (as defined in RFC 2617) for client authentication. Only clients unable to directly utilize the HTTP Basic Authentication should send "client_id" and "client_secret" in the request body. In order for a client to use HTTP Basic Authentication, the following steps need to be performed:

Concatenate "client_id" and "client_secret" with a colon in between: {client_id}:{client_secret}
Base64-encode the concatenated string.
Add the following Authorization header to the request: Basic {Base64-encoded-string}

Request Format (with HTTP Basic Authentication)

application/x-www-form-urlencoded

POST /auth/token HTTP/1.1
Authorization: Basic bXlUZXN0QXBwOm15U2VjcmV0
Content-Type: application/x-www-form-urlencoded

refresh_token=e638d190ecec49aa80157e86fb11e4e5&grant_type=refresh_token&scope=ECom.Shop+SkyStatus.Reporting

Request Format (with "client_id" and "client_secret" in request body)

application/x-www-form-urlencoded

POST /auth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

client_id=myTestApp&client_secret=mySecret&refresh_token=e638d190ecec49aa80157e86fb11e4e5&grant_type=refresh_token&scope=ECom.Shop+SkyStatus.Reporting

Response Information

As defined in the OAuth 2.0 protocol, the token response is formatted as JSON.

Resource Description

Name	Description	Type	Additional information
access_token	The access token used to send authenticated requests to the Unity API.	string	Required
token_type	Identifies the type of token. This field is always set to "bearer".	string	Required
expires_in	The lifetime of the access token in seconds.	number	Required
refresh_token	The refresh token used for refreshing (obtaining a new) access token.	string	Required
scope	The set of operations the issued access token is permitted to request.	string	Required

Response Format

application/json, text/json

{
    "access_token": "E0wcZcGpktnJCiB5U-ftsWQ1t0_7m6ATX_NxznQO7QvbMKhIF09XqJCWI2NVCX1yoc36OlrrxRxPzjAD5OtKz2bBCZJ9e1tuej9eSkul9SXV0U4wijzDN-l7
                     l6jt161IKxTg-O8IG0MEO5FRzSJIsfSFWnKeSLQc-X7Rj0OBKQBb91NKpvietzm3jcKIhZlalFrBT7QWahV5yVEwI7khazPm-jWnX97WVBPUE9TIZTijP0jmM-d9wvl-L
                     xHtOELpZnl7jDybSzLZJX0vkG_lBGqtKMnrwXLvEQdRsRL3Vcuo10dJ3EC9VWI0j2F-3ryhJCzBWQ",
    "token_type": "bearer",
    "expires_in": 299,
    "refresh_token": "276927f4e97a46db8b94fda24d52d93d",
    "scope": "[\"ECom.Shop\",\"SkyStatus.Reporting\"]"
}