{"id":6319,"date":"2025-07-03T11:49:40","date_gmt":"2025-07-03T11:49:40","guid":{"rendered":"https:\/\/support.alfaview.com\/?page_id=6319"},"modified":"2025-07-03T11:50:27","modified_gmt":"2025-07-03T11:50:27","slug":"subsequent-authentication-with-refresh-token","status":"publish","type":"page","link":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/developers\/request-your-api-credentials\/usage-examples\/subsequent-authentication-with-refresh-token\/","title":{"rendered":"Nachtr\u00e4gliche Authentifizierung mit Refresh Token"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"summary\">Summary<a href=\"#summary\" class=\"av-heading-anchor\"><i class=\"bi bi-link\"><\/i><\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Retrieve and store refresh token from response header of initial authentication<\/li>\n\n\n\n<li>Generate an access token from the refresh token<\/li>\n\n\n\n<li>Use access token for subsequent API operations<\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>companyId<\/code><\/mark> is required<\/li>\n\n\n\n<li>Required API calls: <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>authenticationService\/authenticate<\/code><\/mark><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-1-extract-refresh-token\">Step 1: Extract refresh token<a href=\"#step-1-extract-refresh-token\" class=\"av-heading-anchor\"><i class=\"bi bi-link\"><\/i><\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Upon successful initial authentication the refresh token will be issued in the set-cookie response header of the authentication request<\/li>\n<\/ul>\n\n\n\n<p><strong>Response header set-cookie example<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The refresh token is the value of the <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>auth<\/code><\/mark> key<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>auth=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX; Path=\/;\nDomain=app.alfaview.com; Expires=Sat, 19 Nov 2022 15:18:15 GMT; HttpOnly;\n Secure<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-2-store-refresh-token\">Step 2: Store refresh token<a href=\"#step-2-store-refresh-token\" class=\"av-heading-anchor\"><i class=\"bi bi-link\"><\/i><\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Browser based applications use cookies to store the refresh token<\/li>\n\n\n\n<li>Other applications may use operating system specific solutions, such as the Data Protection API on Windows or the KeyChain Access on macOS<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-3-generate-access-token-from-refresh-token\">Step 3: Generate access token from refresh token<a href=\"#step-3-generate-access-token-from-refresh-token\" class=\"av-heading-anchor\"><i class=\"bi bi-link\"><\/i><\/a><\/h2>\n\n\n\n<p><strong>Request <\/strong><button class=\"av-button av-button--error\">POST<\/button> to <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>https:\/\/apis.alfaview.com\/json\/v1\/authenticationService\/authenticate<\/code><\/mark> including a <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>COOKIE<\/code><\/mark> with key <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>auth<\/code><\/mark> and value of the refresh token<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"requestId\": \"### REQUEST ID ###\",\n  \"refreshTokenCredentials\": {\n  \"companyId\": \"### COMPANY ID ###\",\n  }\n}\n<\/code><\/pre>\n\n\n\n<p><strong>Response<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  ...\n  \"accessToken\": \"...\",\n  \"expiresAt\": \"...\",\n  ...\n}\n<\/code><\/pre>\n\n\n\n<p><strong>Notes<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A refresh token is always tied to a <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><code>companyId<\/code><\/mark>. Store them as a pair.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Summary Retrieve and store refresh token from response header of initial authentication Generate an access token from the refresh token Use access token for subsequent API operations companyId is required Required API calls: authenticationService\/authenticate Step [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"parent":3170,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-6319","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/pages\/6319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/comments?post=6319"}],"version-history":[{"count":2,"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/pages\/6319\/revisions"}],"predecessor-version":[{"id":6320,"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/pages\/6319\/revisions\/6320"}],"up":[{"embeddable":true,"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/pages\/3170"}],"wp:attachment":[{"href":"https:\/\/cp-prod-wordpress.alfa.sx\/de\/wp-json\/wp\/v2\/media?parent=6319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}