Generating a Refresh Token
For security, SBOM Insights does not store long-lived refresh tokens. The only time that the token is available is when is when it is generated and displayed in the user interface. If the user fails to copy the token at this time, they should revoke the token (see Revoking an API Refresh Token), and generate a new one.
To generate a refresh token:
| 1. | In a web browser, access SBOM Insights at this URL: |
The SBOM Insights login screen is displayed.
| 2. | Log in to your account. |
| 3. | Click the profile icon  in the top right corner of the page, and select User Settings. |
The My Invitations screen is displayed.
| 4. | At the bottom of the icon bar on the left side of the screen, click the double arrows to open the left menu. |
| 5. | On the menu, click API Credentials and then click Create API Refresh Token. |
The token is created.
| 6. | Click Copy to copy the refresh token, and then save it in a secure location for future reference. |
Important:The following describes important information about refresh tokens:
| • | When you close the New API Refresh Token modal, the refresh token will no longer be accessible. |
| • | An SBOM Insights refresh token expires in one year if it is not used in that year. |
| • | An SBOM Insights refresh token will never expire if used at least once a year. |
| • | No limit exists on the number of active SBOM Insights API refresh tokens that a user can have. |