Generating an Access Token from a Refresh Token
The API refresh token is a long-lived credential that is used to generate an access token. Access tokens are short-lived tokens that must be included in requests to the SBOM Insights API.
Important:For security, access tokens are only valid for one hour.
To generate an access token from the refresh token using a command line tool or SDK:
| 1. | Obtain a refresh token using the instructions in Generating a Refresh Token. |
| 2. | From a command-line tool or SDK, enter the following cURL command, replacing <your refresh token> with the token obtained in step 1. |
curl -s -i -X POST https://login.flexera.com/oidc/token -d "grant_type=refresh_token&refresh_token=<your refresh token>"
The response looks similar to the following:
HTTP/2 200
date: Wed, 30 Sep 2020 00:31:33 GMT
content-type: application/json
content-length: 1015
{"access_token": <your access token>,"expires_in":3600,"refresh_token":"<your refresh token>","token_type":"Bearer"}
The following table explains the response fields:
|
Field |
Description |
|
access_token |
The access token value. You should copy this to make subsequent API requests. |
|
expires_in |
The number of seconds for which this access token remains valid. |
|
refresh_token |
The API refresh token that you provided to generate the access token. |
|
token_type |
The authorization scheme used by the access token in API requests. Access tokens in SBOM Insights use the Bearer scheme. |