Data requested through the Data API is either available to everyone (public data) or only to authorised users (private data). Private data requires a valid access token. With the new refresh token flow for the Data API, users can extend their active sessions instead of starting a new one.
Data API consumers using JWT can now use a refresh token flow to extend the access token expiration, instead of having to log in again every time a JWT expires.
The login mutation has been updated to return a refreshToken:
This token can be used in a new mutation, refreshToken, to extend your login by returning a new access token, jwtToken. Be aware that, for security reasons, the refreshToken can only be used once, and the user will receive a new one after the mutation has been completed:
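A client-side sketch of the single-use rule above, added here as an illustration and not taken from the Data API's own code: FakeDataAPI is a constructed in-memory stand-in for the server, and TokenSession with its refresh_call transport wrapper are hypothetical names. It shows concurrent callers sharing one rotation, because a second use of the same refreshToken is rejected.

```python
import secrets
import threading


class FakeDataAPI:
    """Constructed stand-in for the server: each refresh token is valid once."""

    def __init__(self):
        self.valid = set()

    def login(self):
        return self._issue()

    def refresh(self, refresh_token):
        if refresh_token not in self.valid:
            raise PermissionError("refresh token already used or revoked")
        self.valid.discard(refresh_token)  # single use: consume before reissuing
        return self._issue()

    def _issue(self):
        token = secrets.token_hex(16)
        self.valid.add(token)
        return {"jwtToken": secrets.token_hex(16), "refreshToken": token}


class TokenSession:
    """Client-side holder that spends each refresh token exactly once."""

    def __init__(self, refresh_call, tokens):
        self._refresh_call = refresh_call  # hypothetical transport wrapper
        self._lock = threading.Lock()
        self._jwt = tokens["jwtToken"]
        self._refresh = tokens["refreshToken"]

    def jwt(self):
        with self._lock:
            return self._jwt

    def renew(self, expired_jwt):
        """Return a fresh JWT; callers pass the JWT they saw expire."""
        with self._lock:
            if self._jwt != expired_jwt:
                return self._jwt  # another caller already rotated the pair
            spent, self._refresh = self._refresh, None
            if spent is None:
                raise PermissionError("no refresh token left, log in again")
            tokens = self._refresh_call(spent)
            # Store both values together; the old refresh token is now dead.
            self._jwt, self._refresh = tokens["jwtToken"], tokens["refreshToken"]
            return self._jwt
```

If the refresh call itself fails, the session keeps no refresh token and the next renew asks for a new login, since the client cannot tell whether the server already consumed the token.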
Revoking a token
A refreshToken can also be revoked at any time, using the revokeRefreshToken mutation: