Developer FAQ

App token has expired!
What do I do if my token was expired?

Along with your access token, an authentication token is created. It's called the refresh token . It's a longer lived token, that it's associated to an access token and can be used to create a replica of your expired access token. You can then use that new access token normally. To use your refresh token you will need to make a request against /simple-oauth/refresh providing the header Authorization: Bearer {YOUR REFRESH TOKEN}. That will return a JSON document with the new token. That URL can only be accessed with your refresh token, even if your access token is still valid.

What do I do if my refresh token was also expired?

Then you will need to log into Drupal and go to your profile page to generate a new token from scratch. You can avoid this by refreshing your access token before your refresh token expires. This way you avoid the need to require the user to go to Drupal to create a new token.

Another way to mitigate this is to use longer expiration times in your tokens. This will work, but the the recommendation is to refresh your token in time.

We Love Developers

You've came this far, we appreciate that... :)

Quick Links