The Access Token received from Token URL can be used to access API by sending it in Authorization header as a Bearer token, eg:
GET https://api.passolution.eu/api/v2/infosystem/passolution
Authorization: Bearer eyJ...The Refresh Token received with Access Token can be used to get a new Access Token & Refresh Token before the expiry by making a POST request to Authorization Server's Token Refresh URL (https://web.passolution.eu/oauth/token):
Note: A Refresh Token can be used only once. Make sure to store new Refresh Token received when refreshing an Access Token for future use.
POST https://web.passolution.eu/oauth/token
Content-Type: application/json
{
"client_id": "your-client-id",
"client_secret": "your-client-secret",
"grant_type": "refresh_token",
"refresh_token": "refresh-token-value"
}Note: The Token Refresh URL is rate limited to 300 requests per minute.
| Parameter | Description |
|---|---|
| client_id | Your OAuth Client ID |
| client_secret | Your OAuth Client Secret It should not be stored outside of your secure servers |
| grant_type | 'grant_type' field should be set to 'refresh_token' when using refresh token for generating new Access Token |
| refresh_token | The refresh token that was received when exchanging 'authorization code' for Access Token |
The Refresh Token URL endpoint will respond with JSON response containing following fields:
{
"expires_in": 31536000,
"access_token": "eyJ...",
"refresh_token": "def..."
}| Parameter | Description |
|---|---|
| expires_in | Number of seconds after which the new access token will expire. |
| access_token | New Access Token for the User |
| refresh_token | New Refresh Token for the User which can be used to generate new Access Token again |
Note: A Refresh Token can be used only once. Make sure to store the new Refresh Token received in response for future use.
OAuth Client Secret, Access Tokens & Refresh Tokens must be kept confidential.
DO NOT expose these details anywhere in public forums, repositories, logs or in your website's client-side code (HTML, JavaScript) as it may lead to data theft or loss.