OAuth Tokens API

HTTP Requests for handling Access Token, ID Token, and Refresh Tokens

Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "refresh_token",
  "refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'

Get Token using Refresh Token

POST https://www.cotter.app/api/v0/token/<YOUR API KEY ID>

Getting new access_token and id_token using refresh_token

Path Parameters

Name Type Description

Name	Type	Description
API_KEY_ID	string	Your `API_KEY_ID`

API_KEY_ID

string

Your API_KEY_ID

Headers

Name Type Description

Name	Type	Description
Content-type	string	application/json
API_KEY_ID	string	Your `API_KEY_ID`

Content-type

string

application/json

API_KEY_ID

string

Your API_KEY_ID

Request Body

Name Type Description

Name	Type	Description
grant_type	string	Grant type is `refresh_token`
refresh_token	string	Your `refresh_token`

grant_type

string

Grant type is refresh_token

refresh_token

string

Your refresh_token

{
  "access_token": "eyJhbGciOiJFU...",
  "auth_method": "OTP",
  "expires_in": 3600, // expiry in seconds
  "id_token": "eyJhbGciOiJFUzI1N...",
  "refresh_token": "234:w3tlkw3jtwk...", // NEW refresh token
  "token_type": "Bearer"
}

Refresh Token Rotation

Note that this returns a new refresh_token and invalidates the old refresh_token

PreviousUser Object NextVerify JWT Token using API (serverless)

Last updated 3 years ago