# Token Management

## Step 1:Generating Access Token from Refresh Token

This can be achieved by making a **POST** request shown below:

```
curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type} 
--header 'Content-Type: application/json'
  -d '{
  "grant_type":"refresh_token",
  "refresh_token":"064be187f42e9238122ef9d7a985c8800dff3752",
  "client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "client_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}'
```

**Different variables associated with this POST request are described below:**

| **`Variables`**  | `Status`   | **`Description`**                               |
| ---------------- | ---------- | ----------------------------------------------- |
| `token_type*`    | `Required` | `user`                                          |
| `grant_type*`    | `Required` | `Grant type should be access token`             |
| `refresh_token*` | `Required` | `Add the refresh token here received in Step 3` |
| `client_id*`     | `Required` | `Add the client id received in Step 2`          |
| `client_secret*` | `Required` | `Add the client secret received in Step 2`      |

**The response to this request will be of similar format as that of Step 3 shown below:**

```
{
    "access_token": "eysdkhsdbjbdfsNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhsdjhfbsfdjblfs",
    "token_type": "bearer",
    "expires_in": 2592000,
    "refresh_token": "sdff064be187f42e9238122ef9d7a985c8800dff3752"
}
```

{% hint style="info" %}
`Please note that the refresh_token generated with this response will be a new refresh_token. So going forward, the client must replace the old refresh_token with the new one.`
{% endhint %}

### **`Visual representation to understand Token Management Step 1:`**

![](https://lh5.googleusercontent.com/4oKoZdXVXXio6x5H9ljeMl6AKG2i7ECNGTqLSWM09dkwAKCYhNVJk25wdCnCoi0QUjxTxFQhpcfQC0ERsO7vmihogXuUBIybVDyuG-IeUY49b3ZYhpjOD6x3Vqr0ENAnejJ0I5CK)

## STEP 2: Access Token Validation

At any point, if the user wants to validate if the access\_token is valid or not, the user can call the endpoint defined below:

```
curl -X GET {OAUTH_URL}/v1/oauth/token 
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ'
--header 'Content-Type: application/json'

```

Here the user will pass the bearer token (user) in the header. \
The response of the request will be following for success and failure case

{% tabs %}
{% tab title="Sucess" %}

```
{
    "access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ",
    "token_type": "bearer",
    "expires_in": 1291911023
}
```

{% endtab %}

{% tab title="Failure" %}

```
{
    "error": "invalid_request",
    "error_description": "missing/invalid parameters authorization header"
}
```

{% endtab %}
{% endtabs %}