Token Creation & Token Management
In this step as per OAuth protocol, the code received by the client in the authorization step will be exchanged to get the access_token which is used for accessing the Xoxoday storefront granted based on the scopes allowed by the user.
Access Token Generation
The client server (As this request involves sensitive information i.e, client_secret) must make the following POST request to get the access_token.
Parameters
Parameters
Diagrammatic Representation for Authorization & Access Token generation.
Access Token generation from Refresh Token
Upon Expiry the access token can be regenrated using the response token using the following request:
Parameters
Parameters
Body Parameters
Body Parameters
Parameters
Description
grant_type*
Although Oauth supports different grant_type values. The values supported by Xoxoday is authorization_code, refresh_token.
client_id*
client_secret*
refresh_token*
The value with which client can regenerate expired access_token. This refresh token for the user session lasts for 30 days and refresh token for company session lasts for 60 days.
Diagrammatic Representation for Access Token regeneration.
Access Token Validation
For verifying at any point in the app if the token is valid/not, call below endpoint.
Last updated
Was this helpful?