Is there a way to “Refresh” a token once it has expired?
The default time a token lasts is 30 minutes, you can change that but is it possible to simply refresh a token that is expiring?
Really just a yes or no question.
Thanks.
Answer
Question on rest token management
+17Best answer by Stuart Painter
Hi
I did a quick follow up with Development just to be sure I wasn’t missing anything.
Development have provided this API, which might be just what you’re looking for:
https://api.commvault.com/#fd997305-1eaa-493c-b5bf-bf0416fc44bc
POST RenewLoginToken
http://WebConsoleHostName/webconsole/api/RenewLoginToken
This operation renews and returns a new session token by providing the expired token
Request Body
| Name | Description |
|---|---|
| sessionId | Authtoken which needs to be renewed |
| deviceId | Device name from where login API was called. Note: Same deviceId must be passed in POST /Login API during login |
HEADERS
Accept: application/json
Content-Type: application/json
BODY raw
{
"sessionId": "{{ExpiredTOKEN}}",
"deviceId": "{{LoggedInDeviceName}}"
}
Apologies if we’ve gone around the houses to get here.
Thanks,
Stuart
I blame auto-correct for all misspellings, grammatical errors, and half-baked opinions.
If you have a question or comment, please create a topic
- Vaulter
Hi
A REST API token will expire after 30 minutes of no activity.
So, if you continue to execute API calls, the token will remain valid.
Rather than request a refresh, you can always simply request a new token, which will allow the subsequent API calls to execute.
If this doesn’t help, maybe you can provide some extra context for the task you’re looking to perform and we can think on some strategies to help.
Thanks,
Stuart
Customer Support
+17Hi
A REST API token will expire after 30 minutes of no activity.
So, if you continue to execute API calls, the token will remain valid.
Rather than request a refresh, you can always simply request a new token, which will allow the subsequent API calls to execute.
If this doesn’t help, maybe you can provide some extra context for the task you’re looking to perform and we can think on some strategies to help.
Thanks,
Stuart
Thank you Stuart,
I wrote a powershell class that stores the token within the class instance. subsequent rest calls use the embedded token that is created when the class is instantiated.
The way the class is currently written it takes a pscredential object when instantiated.
The pscredential object is not saved in the class.
That means that if I want to be able to refresh the token I could just add a method to refresh the token.
Otherwise I need to rewrite the class to save the pscredential object so that I can reauthenticate.
The alternatives are to set a really high token lifetime, or to track time between requests.
I have seen some rest implementations that allow a token refresh for previously valid tokens.
That’s why I asked.
I blame auto-correct for all misspellings, grammatical errors, and half-baked opinions.
- Vaulter
Hi
I don’t think there’s a specific method to refresh the token.
Let’s assume know a token is expired due to the timeout period exceeded, sending an authentication request would effectively give you a new token.
You could set a long timeout period and continue to use that token for the duration.
Or, you could monitor for response codes and do some error handling on:
| 401 | Unauthorized | The request did not include an authentication token or the authentication token was expired. |
If you receive a response for unauthorized (assume token expired), then perform a re-auth and replace the token.
Maybe a balanced approach with a reasonable duration token and some handling on the expired token status?
Thanks,
Stuart
+17Hi
I don’t think there’s a specific method to refresh the token.
Let’s assume know a token is expired due to the timeout period exceeded, sending an authentication request would effectively give you a new token.
You could set a long timeout period and continue to use that token for the duration.
Or, you could monitor for response codes and do some error handling on:
| 401 | Unauthorized | The request did not include an authentication token or the authentication token was expired. |
If you receive a response for unauthorized (assume token expired), then perform a re-auth and replace the token.
Maybe a balanced approach with a reasonable duration token and some handling on the expired token status?
Thanks,
Stuart
Understood.
Having the token refresh would have been working on easy mode so I was just hoping it was an option.
Thanks.
- Vaulter
- Answer
Hi
I did a quick follow up with Development just to be sure I wasn’t missing anything.
Development have provided this API, which might be just what you’re looking for:
https://api.commvault.com/#fd997305-1eaa-493c-b5bf-bf0416fc44bc
POST RenewLoginToken
http://WebConsoleHostName/webconsole/api/RenewLoginToken
This operation renews and returns a new session token by providing the expired token
Request Body
| Name | Description |
|---|---|
| sessionId | Authtoken which needs to be renewed |
| deviceId | Device name from where login API was called. Note: Same deviceId must be passed in POST /Login API during login |
HEADERS
Accept: application/json
Content-Type: application/json
BODY raw
{
"sessionId": "{{ExpiredTOKEN}}",
"deviceId": "{{LoggedInDeviceName}}"
}
Apologies if we’ve gone around the houses to get here.
Thanks,
Stuart
Customer Support
+17GENIUS!!!
Thank you.
This will save me a ton of time.
Thanks, Again.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.