Xoxoday
  • 📓User Resources
    • 👨‍💼For Admins
      • 📌Getting Started
        • ⚙️Settings
          • Manage Super Admin/Admins
            • Hierarchy vs Non-Hierarchy
            • Threshold
            • Delete an Admin
            • Redemption APIs
              • Generic Redemption APIs
              • Oauth 2.0 Implementation for Stores Redemption
          • Platform Preferences
          • Account Verification
        • Types of Companies
      • 🚀Plum Launch Communication Kit
        • 🌉Pre-Launch Templates
        • 🤝Introduction to Plum Templates
        • 📺How to Sign up on Plum’s reward storefront Template
        • 📑How to Bookmark Plum’s reward storefront for easy access Template
        • 🎉How to Redeem the Rewards on Plum’s Reward Storefront?
      • Xoxo Points
        • 📌Getting Started
        • 🚚Distribution of Xoxo-points
        • 📩Email/SMS Customization
        • FAQs
      • Xoxo Codes
        • 📌Getting Started
        • 🚚Distribution of Xoxo-codes
        • 📩Email, SMS, and Xoxo Code Campaign Customization
        • FAQs
      • Points vs Codes
      • Xoxo Links
        • 📌Getting Started
        • 🚚Distribution of Xoxo-links
        • FAQs
      • Domain Authentication Guide
        • Troubleshooting Domain Authentication
      • 💰Add Funds
        • Base Currency
      • Campaigns
        • Getting Started
        • Editing a campaign?
        • Delete/disabling a Xoxo Campaign?
      • 🏬Reports
      • 💳Prepaid Card User Guide
        • Virtual Paypal International
          • 📌Getting Started
          • 📭How to Redeem?
        • Virtual Visa Card
          • 📌Getting Started
          • 💳How to Redeem?
      • 🔐Security and Compliance
        • Cryptography & Encryption
        • Email Whitelisting
        • Governance, Risk, & Data Compliance
        • Application,Dev & Security
        • Cloud Security
        • HR Compliance
        • Identity & Access Management
        • Solution Development
        • Security Operations
        • Training and Awareness
        • Vulnerability and Threat Management
        • Security Operations & Technical Capabilities and Support
        • Data Management
        • Policies & Procedures
        • Tax Compliance
        • Privacy Compliance
        • Cloud Security Alliance
        • Others
        • Documents
          • Data Security
          • Information Security
          • Admin/Business
          • Others
          • Finance Compliance
    • 🧑‍🤝‍🧑For End-Users
      • 📌Getting Started
      • 🧑‍💻Signing up/Logging in
      • 🪙How to redeem?
      • 💳Gift Vouchers
      • 🎁Gift Box Queries
      • 🚚Delivery Related Issues
      • 🛑Cancelation/Refunds
    • 🔗Pre-Built Integrations
      • Qualtrics Integration Guide
        • Using Qualtrics Workflow Extension to Send Rewards
        • Public Survey Rewarding
        • Anonymous Survey Rewarding
      • HubSpot + Plum
        • 1-1 Reward Widget in HubSpot
        • Workflow Based Reward Automation
        • 1-Many Link for Xoxolink’s Reward Automation
        • Email based Reward Automation
      • Darwinbox + Plum
      • SurveyMonkey + Plum
        • Public Survey Automation
        • Anonymous Survey Automation
      • Zapier + Plum
      • ActiveCampaign + Plum
        • Creating Automation
      • Salesforce + Plum
        • Getting Started with Xoxoday Plum
        • Getting Started and Setting up Salesforce Integration
        • Sending 1-1 Reward
        • Steps to create a Flow and add a Trigger
        • Redemption Journey for your Recipients
      • Typeform + Plum by Xoxoday
      • Zoho People + Plum
      • SAP Successfactors + Plum
        • SAP Client Registration with Xoxoday for Stores Redemption
      • Decipher - Forsta Integration
      • Zoho CRM
        • Send 1-1 rewards
        • Automation : Workflow Rules
      • Connect Plum to thousands of apps using Zapier
      • Other Integrations
    • 🛣️Product Roadmap
      • 2022
      • 2021
  • 👨‍💻Developer Resources
    • Rewards API
      • Getting started
      • API Endpoints
        • Authentication
          • Client ID, Secret ID, and Token Creation
          • Token Management
        • Catalog
          • GetVouchers API
          • GetFilters API
        • Orders
          • PlaceOrder API
          • GetOrderDetails API
          • GetOrderHistory API
        • Account Balance
          • GetBalance API
        • Postman Collection URL
      • Concepts
        • Staging Environment
        • Catalog
        • Error Handling
          • Standard HTTP status code summary
          • Errors related to API
        • Exchange Rates
      • Guides
        • Funding the Account
        • Reporting and Analytics
      • Webhooks
        • Test Webhooks
        • How to implement webhooks?
        • How to secure your webhooks?
      • Forex
      • Best Practices
      • Frequently Asked Questions
    • StoreFront Integration
      • Getting started
      • API Endpoints
        • Authorization
        • Token Creation & Token Management
        • SSO Redirection
        • End Points
      • Concepts
        • Points
      • Guides
        • Funding Account
        • Reports and Analytics
    • Xoxo Link API
    • Roadmap for 2021
  • 📅Release Notes
    • Release April 2023
    • Release March 2023
    • Release February 2023
    • Release December 2022
    • Release October 2022
    • Release September 2022
    • Release July 2022
    • Release May 2022
    • Release March 2022
    • Release February 2022
    • Release December 2021
    • Release November 2021
    • Release October 2021
    • Release September 2021
    • Release July 2021
    • Release May 2021
    • Release March 2021
    • Release December 2020
    • Release October 2020
    • Release September 2020
    • Release August 2020
    • Release June 2020
    • Release May 2020
    • Release April 2020
    • Release March 2020
Powered by GitBook
On this page
  • Step 1:Generating Access Token from Refresh Token
  • Visual representation to understand Token Management Step 1:
  • STEP 2: Access Token Validation

Was this helpful?

  1. Developer Resources
  2. Rewards API
  3. API Endpoints
  4. Authentication

Token Management

Learn how to generate the access token by using a Refresh Token. This applies in cases where the token has either expired or has become invalid.

Step 1:Generating Access Token from Refresh Token

This can be achieved by making a POST request shown below:

curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type} 
--header 'Content-Type: application/json'
  -d '{
  "grant_type":"refresh_token",
  "refresh_token":"064be187f42e9238122ef9d7a985c8800dff3752",
  "client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "client_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}'

Different variables associated with this POST request are described below:

Variables

Status

Description

token_type*

Required

user

grant_type*

Required

Grant type should be access token

refresh_token*

Required

Add the refresh token here received in Step 3

client_id*

Required

Add the client id received in Step 2

client_secret*

Required

Add the client secret received in Step 2

The response to this request will be of similar format as that of Step 3 shown below:

{
    "access_token": "eysdkhsdbjbdfsNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhsdjhfbsfdjblfs",
    "token_type": "bearer",
    "expires_in": 2592000,
    "refresh_token": "sdff064be187f42e9238122ef9d7a985c8800dff3752"
}

Please note that the refresh_token generated with this response will be a new refresh_token. So going forward, the client must replace the old refresh_token with the new one.

Visual representation to understand Token Management Step 1:

STEP 2: Access Token Validation

At any point, if the user wants to validate if the access_token is valid or not, the user can call the endpoint defined below:

curl -X GET {OAUTH_URL}/v1/oauth/token 
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ'
--header 'Content-Type: application/json'

Here the user will pass the bearer token (user) in the header. The response of the request will be following for success and failure case

{
    "access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ",
    "token_type": "bearer",
    "expires_in": 1291911023
}

{
    "error": "invalid_request",
    "error_description": "missing/invalid parameters authorization header"
}

PreviousClient ID, Secret ID, and Token CreationNextCatalog

Last updated 3 years ago

Was this helpful?

👨‍💻