Comment on page
Getting a Refresh Token
This guide covers the OAuth 2.0 refresh token mechanism.
This guide walks you through the steps of refreshing an access token for making RESTful API calls to ProcessMaker. Access tokens typically have a limited lifespan, and once they expire, they need to be refreshed using a refresh token. This guide assumes you already have a refresh token. If not, refer to the "How to Get an Access Token" guide.
Python
Node.js
Postman
cURL
Before starting, ensure you have the necessary Python libraries installed. You'll need
requests for making HTTP requests.You can install it via pip:
pip install requests
Use the following Python code to refresh your access token:
import requests
# Define the token endpoint
token_url = "https://<your-instance>.processmaker.net/oauth/token"
# Define the payload
payload = {
"grant_type": "refresh_token",
"refresh_token": "<your-refresh-token>",
"client_id": "<your-client-id>",
"client_secret": "<your-client-secret>"
}
# Make the POST request
response = requests.post(token_url, data=payload)
token_info = response.json()
# Print the new access token
print(f'New Access Token: {token_info["access_token"]}')
Don't forget!
Replace:
<your-instance>with your actual ProcessMaker instance URL.<your-refresh-token>with the refresh token you received when you first obtained your access token.<your-client-id>and<your-client-secret>with the client ID and secret of your application.
After executing the script, you should receive a new access token and possibly a new refresh token. Store these securely, as you'll need the access token for future API requests and the refresh token for future token refreshes.
Refreshing your access token is an essential step in maintaining uninterrupted access to the ProcessMaker API. By using Python and the
requests library, you can easily and efficiently refresh your token. Always ensure you handle your tokens securely, as they are vital for maintaining secure communication with the API.Before starting, ensure you have the necessary Node.js libraries installed. You'll need
axios for making HTTP requests.You can install it via npm:
npm install axios
Use the following Node.js code to refresh your access token:
const axios = require('axios');
// Define the token endpoint
const token_url = "https://<your-instance>.processmaker.net/oauth/token";
// Define the payload
const payload = {
grant_type: "refresh_token",
refresh_token: "<your-refresh-token>",
client_id: "<your-client-id>",
client_secret: "<your-client-secret>"
};
// Make the POST request
axios.post(token_url, payload)
.then(response => {
console.log(`New Access Token: ${response.data.access_token}`);
})
.catch(error => {
console.error('Error refreshing token:', error.response.data);
});
Don't forget!
Replace:
<your-instance>with your actual ProcessMaker instance URL.<your-refresh-token>with the refresh token you received when you first obtained your access token.<your-client-id>and<your-client-secret>with the client ID and secret of your application.
After executing the script, you should receive a new access token and possibly a new refresh token. Store these securely, as you'll need the access token for future API requests and the refresh token for future token refreshes.
Refreshing your access token is an essential step in maintaining uninterrupted access to the ProcessMaker API. By using Node.js and the
axios library, you can easily and efficiently refresh your token. Always ensure you handle your tokens securely, as they are vital for maintaining secure communication with the API.
If you navigated to this guide before creating your client application, you first need to do so. If you already have your client ID and client secret, proceed to step 3.
Open Postman and click on the + button to create a new tab. Then, click on the Authorization tab.
For the refresh token grant type, follow these steps:
Refresh Token Grant
- Type: Choose OAuth 2.0 from the drop-down.
- Add auth data to: Choose Request Headers.
- Configure New Token:
- Token Name: Any name for your reference.
- Grant Type: Refresh Token.
- Access Token URL: The token URL of the OAuth server.
- Refresh Token: The refresh token you received when you first obtained your access token.
- Client ID: The client ID of your OAuth application.
- Client Secret: The client secret of your OAuth application.
- Scope: The scope of the access request (if any).
- Client Authentication: Send as Basic Auth header.
- Click "Get New Access Token". The new access token will be automatically filled in the Access Token field.
After obtaining the refreshed access token, Postman will automatically add the
Authorization: Bearer <access-token> header to your requests. You can now continue making requests to the API using the refreshed access token.Remember: Always protect your client secret, refresh tokens, and access tokens. These grant access to the API and should be treated with the same care as passwords.
That's it! You now know how to refresh an access token using OAuth 2.0 in Postman. Regularly refreshing your access token ensures uninterrupted access to the ProcessMaker API.
Execute the following command in your terminal:
curl -X POST "https://<your-instance>.processmaker.net/oauth/token" \
-d "grant_type=refresh_token&refresh_token=<your-refresh-token>&client_id=<your-client-id>&client_secret=<your-client-secret>"
Replace:
<your-instance>with your actual ProcessMaker instance URL.<your-refresh-token>with the refresh token you received when you first obtained your access token.<your-client-id>and<your-client-secret>with the client ID and secret of your application.
After executing the command, you should receive a response from the server. This will provide a new access token and possibly a new refresh token. Store these securely, as you'll need the access token for future API requests and the refresh token for future token refreshes.
Refreshing your access token is a crucial step in maintaining uninterrupted access to the ProcessMaker API. By using the
curl command, you can easily and efficiently refresh your token directly from the command line. Always ensure you handle your tokens securely, as they are vital for maintaining secure communication with the API.Last modified 2mo ago