How It Works

To refresh an access_token, follow these steps:

Set the grant_type parameter to "refresh_token".
Provide a valid refresh_token in the request body.
Send a POST request to the endpoint: OAuth2.0 endpoint.

The system will validate the provided refresh_token and return a new access_token if the request is successful. This ensures uninterrupted access to the system.

Endpoint Description

Endpoint Details

HTTP Method: POST
URL: https://api.vault.ist/v2.0/reference/gettoken
Headers:
- Content-Type: application/json

Request Specification

Required Parameters

Name	Type	Required	Description
`grant_type`	`string`	Yes	Must be set to `"refresh_token"`.
`refresh_token`	`string`	Yes	Token obtained during initial authentication.

Example Request Body

{
  "grant_type": "refresh_token",
  "refresh_token": "eyJraWQiOiJmODAyNjg0OC1mNTJkLTRmY"
}

Response Specification

Successful Response

HTTP Status: 200 OK
Example Response Body:

{
  "access_token": "eyJraWQiOiJmODAyNjg0OC1mNTJkLTRmY",
  "token_type": "Bearer",
  "refresh_token": "eyJraWQiOiJmFGGghrwghhnEGFGrehrnjdf7653kFZ_uusa3WYE",
  "scope": "accounts:create accounts:read ... withdraw_other_account:show",
  "expires_in": 86400,
  "user_id": "usr:b06d9aaa-4310-4c0d-9e5343c1b35"
}

Error Response: Expired Refresh Token

HTTP Status: 401 Unauthorized
Example Response Body:

{
  "status": "UNAUTHORIZED",
  "message": "The Token has expired on 2025-01-01T00:00:00.000Z",
  "traceId": "TraceId unavailable",
  "errors": []
}

Additional Notes

Ensure the provided refresh_token is valid and not expired.
If the refresh_token is expired, the API returns a 401 Unauthorized status.
Refer to the OAuth2.0 Token Service Documentation for more details and usage examples.