Before you start

Before you proceed with Managing JWT Tokens, make sure that you have completed the following steps:

What is a Refresh token

Along with your access token (access_token), you receive a refresh_token during authentication. A refresh token is a credential used to obtain new access tokens without requiring you to re-authenticate. It remains valid even after the access token expires, enabling seamless session continuity:

Access token validity: The access token is typically valid for a limited time (e.g., 3600 seconds).
Refresh token: Used to request a new access token when the current one expires.

How to refresh a token

To refresh a token, use the Refresh a Service Account Token method and follow the steps below:

Have your refresh token ready: Ensure you have the refresh_token from your previous authentication response.

Send a POST request to the /auth/token/refresh endpoint:

Endpoint:\

POST https://secure.sandbox.paymentsgate.io/auth/token/refresh

Headers:\

Content-Type: application/json
Authorization: Bearer YOUR_ACCESS_TOKEN

Request body:\

{
  "refresh_token": "YOUR_REFRESH_TOKEN"
}

Example request:\

curl --request POST \
  --url 'https://secure.sandbox.paymentsgate.io/auth/token/refresh' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
  --data '{
    "refresh_token": "8xLOxBatCN8fDrMHtkX1uDgeHxWxhoJDl..."
  }'

Successful response:
If the refresh_token is valid, you will receive a new pair of tokens along with the token’s validity period:
```
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "8xLOxBatCN8fDrMHtkX1uDgeHxWxhoJDl...",
  "expires_in": 3600
}
```
- access_token: Use this token in the Authorization header for subsequent API requests.
- refresh_token: Use this to obtain a new access token when the current one expires.
- expires_in: Indicates the number of seconds the access token is valid (e.g., 3600 seconds).

For more detail, please see the Auth API methods.