# OAuth Tokens API

## Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a `refresh_token`.

```javascript
curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "refresh_token",
  "refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'
```

## Get Token using Refresh Token

<mark style="color:green;">`POST`</mark> `https://www.cotter.app/api/v0/token/<YOUR API KEY ID>`

Getting new `access_token` and `id_token` using `refresh_token`

#### Path Parameters

| Name         | Type   | Description       |
| ------------ | ------ | ----------------- |
| API\_KEY\_ID | string | Your `API_KEY_ID` |

#### Headers

| Name         | Type   | Description       |
| ------------ | ------ | ----------------- |
| Content-type | string | application/json  |
| API\_KEY\_ID | string | Your `API_KEY_ID` |

#### Request Body

| Name           | Type   | Description                   |
| -------------- | ------ | ----------------------------- |
| grant\_type    | string | Grant type is `refresh_token` |
| refresh\_token | string | Your `refresh_token`          |

{% tabs %}
{% tab title="200 Returns a new access\_token and id\_token. Does not return a new refresh\_token" %}

```javascript
{
  "access_token": "eyJhbGciOiJFU...",
  "auth_method": "OTP",
  "expires_in": 3600, // expiry in seconds
  "id_token": "eyJhbGciOiJFUzI1N...",
  "refresh_token": "234:w3tlkw3jtwk...", // NEW refresh token
  "token_type": "Bearer"
}
```

{% endtab %}
{% endtabs %}

### **Refresh Token Rotation**

{% hint style="warning" %}
Note that **this returns a new `refresh_token` and invalidates the old `refresh_token`**
{% endhint %}