Cotter
Cotter
Cotter
Cotter
🚀 Getting Started
💈Features
📌 Quickstart Guides
🌟 HTML – Magic Link with Email & Phone
HTML & Node.js
▲ Next.js
Angular
⚛️ React Native
iOS
Flutter
📘 SDK Reference
Web
React Native
Flutter
iOS
Android
API for Other Mobile Apps
🛡️ Protecting Your Account
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
Only Allow Your Website/App to Use Your API Key
🗝️ Getting Access Token
Handling Authentication with Cotter
Getting the Tokens
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
🔌 API Reference
User API
OAuth Tokens API
Event Object
Powered by GitBook

Renewing Expired Tokens

Access Tokens and ID Tokens are valid for 1 hour. To generate new tokens, you need to use the Refresh Token.

Renewing Tokens using the SDK

Cotter's SDK generally handles this for you. Check the availability below.

React Native
Other SDKs (coming soon)
React Native

✅ Cotter's React Native SDK automatically renews your access_token and id_token whenever there is a valid refresh_token in storage.

This renewal is called when you call Cotter's Get Access Token function.

cotter.tokenHandler.getAccessToken();
Other SDKs (coming soon)

We'll add support for JS, Android and iOS soon 😉. Stay tuned

Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H 'API_SECRET_KEY: <YOUR API SECRET KEY>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "refresh_token",
  "refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token'

post
Get Token using Refresh Token

https://www.cotter.app/api/v0/token
Getting new access_token and id_token using refresh_token
Request
Response
Request
Headers
Content-type
optional
string
application/json
API_KEY_ID
required
string
Your API_KEY_ID
API_SECRET_KEY
required
string
Your API_SECRET_KEY
Body Parameters
grant_type
required
string
Grant type is refresh_token
refresh_token
required
string
Your refresh_token
Response
200: OK
Returns a new access_token and id_token. Does not return a new refresh_token
{
  "access_token": "eyJhbGciOiJFU...",
  "auth_method": "OTP",
  "expires_in": 3600, // expiry in seconds
  "id_token": "eyJhbGciOiJFUzI1N...",
  "token_type": "Bearer"
}

Note that this does not return a new refresh_token

Renewing Expired Refresh Token

When your refresh_token is expired, you have to re-authenticate your user. If you're using Trusted Devices and the current device is a trusted device, you can simply request authentication silently, in the background.

🗝️ Getting Access Token - Previous
Storing and Removing Tokens
Next - 🗝️ Getting Access Token
Verifying JWT Tokens
Last updated 3 months ago
Contents
Renewing Tokens using the SDK
Renewing Tokens using Refresh Token
post
Get Token using Refresh Token
Renewing Expired Refresh Token