--- title: refresh token description: POST /api/refreshToken.do: Refresh token interface description, including path, method, parameters and return information. slug: api-post-api-refreshtoken-do lang: en category: Authentication API category_order: 8 order: 103 api_method: POST api_path: /api/refreshToken.do api_label: refresh token keywords: - API - refresh token - /api/refreshToken.do --- # Refresh token | Properties | Values | | --- | --- | | HTTP method | `POST` | | Interface path | `/api/refreshToken.do` | | Category | Authentication API | ## Interface description Interface path: `/api/refreshToken.do` HTTP method: `POST` **HTTP method:** `POST` #### HTTP Header This interface uses Basic Auth to verify client information. The specific method is to add something like "Authorization: Basic xxxxxxxxx" in the header. Among them "xxxxxxxxx" is calculated through client_id and client_secret. The specific algorithm is Base64Encode(client_id + ":" + client_secret) #### URL parameters Parameter name Comment (description) grant_type (required) must be refresh_token string refresh_token (required) is the refresh_token string obtained in interface 2 For example: /api/refreshToken.do?grant_type=refresh_token&refresh_token=xxx Return results access_token interface access identification, refresh_token is used to refresh access_token, valid for 30 days The validity time of expires_in access_token is 3600, the unit is s ## 3. File access API All interfaces need to carry access_token in the HTTP header when accessing. For interfaces containing request parameters, usually some POST, PUT or DELETE interface, you also need to set Content-Type to specify the format of the parameters. If you need to access different versions of the API, you need Specify a specific version on the request path. If you need to return a response body in a different format, you also need to set Accept. All parameters should be This should use utf-8 encoding. ## Call instructions - Before calling, you need to complete [Get token](api-post-api-token-do.md) or the corresponding login-free authentication, and carry `Authorization: Bearer ` in the request header. - If there are differences in parameters and return fields due to deployment versions, the actual private cloud API documents and joint debugging results should prevail. - Category: Authentication API.