search

Renewing Expired Tokens

Access Tokens and ID Tokens are valid for 1 hour. To generate new tokens, you need to use the Refresh Token.

hashtag
Renewing Tokens using the SDK

circle-check

Cotter's SDK generally handles this for you. Check the availability below.

βœ… Cotter's JavaScript SDK (from npm) automatically renews your access_token and id_token whenever there is a valid refresh_token in storage.

This renewal is called when you call Cotter's Get Access Token function.

cotter.tokenHandler.getAccessToken();

hashtag
Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "refresh_token",
  "refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'

hashtag
Get Token using Refresh Token

POST https://www.cotter.app/api/v0/token/<YOUR API KEY ID>

Getting new access_token and id_token using refresh_token

hashtag
Path Parameters

Name
Type
Description

API_KEY_ID

string

You API_KEY_ID

hashtag
Headers

Name
Type
Description

Content-type

string

application/json

API_KEY_ID

string

Your API_KEY_ID

hashtag
Request Body

Name
Type
Description

grant_type

string

Grant type is refresh_token

refresh_token

string

Your refresh_token

hashtag
Refresh Token Rotation

circle-exclamation

Note that this does invalidates the old refresh_token and return a new refresh_token

hashtag
Renewing Expired Refresh Token

When your refresh_token is expired, you have to re-authenticate your user. If you're using Trusted Devices and the current device is a trusted device, you can simply request authentication silently, in the background by Signing in with Device.

PreviousStoring and Removing TokensNextVerifying JWT Tokens

Last updated