All Collections
Next-gen data model
Data API
Data API refresh tokens
Data API refresh tokens

Extend active sessions for the Data API by refreshing tokens.

Updated over a week ago

Requesting data through the Data API can be available to everyone (public data) or only to authorised users (private data). For the second group, a valid access token is required. With the new refresh token flow for the Data API, users can extend their active sessions, instead of starting a new one.

Data API consumers with JWT, can now use a refresh token flow to extend the access token expiration, instead of having to login again every time a JWT is expired.

Refresh token

The login mutation has been updated to return a refreshToken:

mutation login{
     login(
     username: "<username>", 
     password: "<password>", 
     authProfileUuid: "<authProfileUuid>"
     ){
       isValid
       jwtToken
       refreshToken
     }
}

This token can be used in a new mutation refreshToken with the purpose of extending your login by returning a new access token jwtToken. Be aware, that for security reasons the refreshToken can only be used once, and the user will receive a new one after the mutation has been completed:

mutation refresh{
     refreshToken(
     token: "<refreshToken>"
     ){
       isValid
       jwtToken
       refreshToken
       refreshExpiresIn
     }
}



Revoking a token

A refreshToken can be also revoked at any time, using the revokeRefreshToken mutation:

mutation revoke{
     revokeRefreshToken(
     token: "<refreshToken>"
     ){
       removed
       refreshId
     }
}

➝ Next article: Data API Access & Refresh token lifetimes

Related Articles
Data API queries
Data API access & refresh token lifetimes
Betty Blocks Data API
Getting started with the data API
Triggering next-gen actions via an API call
Did this answer your question?