Renewing Expired Tokens

Access Tokens and ID Tokens are valid for 1 hour. To generate new tokens, you need to use the Refresh Token.

Renewing Tokens using the SDK

cotter.tokenHandler.getAccessToken();

cotter.tokenHandler.getAccessToken();

var accessToken = await cotter.getAccessToken();

Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "refresh_token",
  "refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'

Get Token using Refresh Token

POST https://www.cotter.app/api/v0/token/<YOUR API KEY ID>

Getting new access_token and id_token using refresh_token

Path Parameters

Headers

Request Body

{
  "access_token": "eyJhbGciOiJFU...",
  "auth_method": "OTP",
  "expires_in": 3600, // expiry in seconds
  "id_token": "eyJhbGciOiJFUzI1N...",
  "refresh_token": "235:s3kjlwkg035...",  // NEW refresh token
  "token_type": "Bearer"
}

Refresh Token Rotation

Renewing Expired Refresh Token

When your refresh_token is expired, you have to re-authenticate your user. If you're using Trusted Devices and the current device is a trusted device, you can simply request authentication silently, in the background by Signing in with Device.