title: API: Renew an access token
role: manual
tags: #api #manual #zettelstore
syntax: zmk
back: 00001010040700 00001012000000
backward: 00001010040700 00001012000000 00001012920000 00001012921000
box-number: 1
copyright: (c) 2020-present by Detlef Stern <ds@zettelstore.de>
created: 20210126175322
forward: 00001010040100 00001012050200 00001012920000 00001012921000
lang: en
license: EUPL-1.2-or-later
modified: 20251215175724
published: 20251215175724
visibility: public

An access token is only valid for a certain duration.
Since the [authentication process](00001012050200) will need some processing time, there is a way to renew the token without providing full authentication data.

Send an HTTP PUT request to the [endpoint](00001012920000) `/a` and include the current access token in the `Authorization` header:

    # curl -X PUT -H 'Authorization: Bearer TOKEN' http://127.0.0.1:23123/a
    ("Bearer" "eyJhbGciOiJIUzUxMiJ9.eyJfdGsiOjEsImV4cCI6MTY4MTMwNDA4NiwiaWF0IjoxNjgxMzA0MDI2LCJzdWIiOiJvd25lciIsInppZCI6IjIwMjEwNjI5MTYzMzAwIn0.kZd3prYc79dt9efDsrYVHtKrjWyOWvfByjeeUB3hf_vs43V3SNJqmb8k-zTHVNWOK0-5orVPrg2tIAqbXqmkhg" 456)

You may receive a new access token, or the current one if it was obtained not a long time ago.
However, the lifetime of the returned [access token](00001012921000) is accurate.

If [authentication is not enabled](00001010040100) and you send a renew request, no checking is done and you receive an artificial token immediately, without any delay:

    # curl -X PUT -H 'Authorization: Bearer freeaccess' http://127.0.0.1:23123/a
    ("Bearer" "freeaccess" 316224000)

In this case, it is even possible to omit the access token.

# HTTP Status codes