OAuth Tokens API

HTTP Requests for handling Access Token, ID Token, and Refresh Tokens

Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
"grant_type": "refresh_token",
"refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'

post
Get Token using Refresh Token

https://www.cotter.app/api/v0/token/<YOUR API KEY ID>
Getting new access_token and id_token using refresh_token
Request
Response
Request
Path Parameters
API_KEY_ID
optional
string
Your API_KEY_ID
Headers
Content-type
optional
string
application/json
API_KEY_ID
required
string
Your API_KEY_ID
Body Parameters
grant_type
required
string
Grant type is refresh_token
refresh_token
required
string
Your refresh_token
Response
200: OK
Returns a new access_token and id_token. Does not return a new refresh_token
{
"access_token": "eyJhbGciOiJFU...",
"auth_method": "OTP",
"expires_in": 3600, // expiry in seconds
"id_token": "eyJhbGciOiJFUzI1N...",
"refresh_token": "234:w3tlkw3jtwk...", // NEW refresh token
"token_type": "Bearer"
}

Refresh Token Rotation

Note that this returns a new refresh_token and invalidates the old refresh_token