# Token Management ## Step 1:Generating Access Token from Refresh Token This can be achieved by making a **POST** request shown below: ``` curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type} --header 'Content-Type: application/json' -d '{ "grant_type":"refresh_token", "refresh_token":"064be187f42e9238122ef9d7a985c8800dff3752", "client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxx", "client_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }' ``` **Different variables associated with this POST request are described below:** | **`Variables`** | `Status` | **`Description`** | | ---------------- | ---------- | ----------------------------------------------- | | `token_type*` | `Required` | `user` | | `grant_type*` | `Required` | `Grant type should be access token` | | `refresh_token*` | `Required` | `Add the refresh token here received in Step 3` | | `client_id*` | `Required` | `Add the client id received in Step 2` | | `client_secret*` | `Required` | `Add the client secret received in Step 2` | **The response to this request will be of similar format as that of Step 3 shown below:** ``` { "access_token": "eysdkhsdbjbdfsNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhsdjhfbsfdjblfs", "token_type": "bearer", "expires_in": 2592000, "refresh_token": "sdff064be187f42e9238122ef9d7a985c8800dff3752" } ``` {% hint style="info" %} `Please note that the refresh_token generated with this response will be a new refresh_token. So going forward, the client must replace the old refresh_token with the new one.` {% endhint %} ### **`Visual representation to understand Token Management Step 1:`** ![](https://lh5.googleusercontent.com/4oKoZdXVXXio6x5H9ljeMl6AKG2i7ECNGTqLSWM09dkwAKCYhNVJk25wdCnCoi0QUjxTxFQhpcfQC0ERsO7vmihogXuUBIybVDyuG-IeUY49b3ZYhpjOD6x3Vqr0ENAnejJ0I5CK) ## STEP 2: Access Token Validation At any point, if the user wants to validate if the access\_token is valid or not, the user can call the endpoint defined below: ``` curl -X GET {OAUTH_URL}/v1/oauth/token -H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ' --header 'Content-Type: application/json' ``` Here the user will pass the bearer token (user) in the header. \ The response of the request will be following for success and failure case {% tabs %} {% tab title="Sucess" %} ``` { "access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ", "token_type": "bearer", "expires_in": 1291911023 } ``` {% endtab %} {% tab title="Failure" %} ``` { "error": "invalid_request", "error_description": "missing/invalid parameters authorization header" } ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://xoxoday.gitbook.io/plum/developer-resources/overview-of-reward_api/api-endpoints-1/authentication/token-management.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.