API: Renew an access token

00001012050400 · Info · (manual) · #api #manual #zettelstore

An access token is only valid for a certain duration. Since the authentication process will need some processing time, there is a way to renew the token without providing full authentication data.

Send a HTTP PUT request to the endpoint /a and include the current access token in the Authorization header:

# curl -X PUT -H 'Authorization: Bearer TOKEN' http://127.0.0.1:23123/a
{"access_token":"eyJhbGciOiJIUzUxMiJ9.eyJfdGsiOjEsImV4cCI6MTYwMTczMTI3NSwiaWF0IjoxNjAxNzMwNjc1LCJzdWIiOiJhYmMiLCJ6aWQiOiIyMDIwMTAwMzE1MDEwMCJ9.ekhXkvn146P2bMKFQcU-bNlvgbeO6sS39hs6U5EKfjIqnSInkuHYjYAIfUqf_clYRfr6YBlX5izii8XfxV8jhg","token_type":"Bearer","expires_in":456}

You may receive a new access token, or the current one if it was obtained not a long time ago. However, the lifetime of the returned access token is accurate.

If authentication is not enabled and you send a renew request, no checking is done and you receive an artificial token immediate, without any delay:

# curl -X PUT -H 'Authorization: Bearer freeaccess' http://127.0.0.1:23123/a
{"token":"freeaccess","token_type":"Bearer","expires_in":316224000}

In this case, it is even possible to omit the access token.

HTTP Status codes

200
Renew process was successful, the body contains an appropriate JSON object.
400

The renew process was not successful. There are several reasons for this. Maybe access bearer token was not valid.

Probably you should authenticate again with user identification and password.