All Collections
Next-gen data model
Data API
Data API refresh tokens
Data API refresh tokens
Extend active sessions for the Data API by refreshing tokens.
Betty Blocks avatar
Written by Betty Blocks
Updated over a week ago

Requesting data through the Data API can be available to everyone (public data) or only to authorised users (private data). For the second group, a valid access token is required. With the new refresh token flow for the Data API, users can extend their active sessions, instead of starting a new one.

Data API consumers with JWT, can now use a refresh token flow to extend the access token expiration, instead of having to login again every time a JWT is expired.

Refresh token

The login mutation has been updated to return a refreshToken:

mutation login{
     login(
     username: "<username>", 
     password: "<password>", 
     authProfileUuid: "<authProfileUuid>"
     ){
       isValid
       jwtToken
       refreshToken
     }
}

This token can be used in a new mutation refreshToken with the purpose of extending your login by returning a new access token jwtToken. Be aware, that for security reasons the refreshToken can only be used once, and the user will receive a new one after the mutation has been completed:

mutation refresh{
     refreshToken(
     token: "<refreshToken>"
     ){
       isValid
       jwtToken
       refreshToken
       refreshExpiresIn
     }
}



Revoking a token

A refreshToken can be also revoked at any time, using the revokeRefreshToken mutation:

mutation revoke{
     revokeRefreshToken(
     token: "<refreshToken>"
     ){
       removed
       refreshId
     }
}

โž Next article: Data API Access & Refresh token lifetimes

Did this answer your question?