Skip to main content

Refreshing the Access Token

The access token returned by NavVis IVION is an expiring JSON web token (JWT) which must be refreshed (replaced) before its expiration timestamp to ensure uninterrupted use. Refresh the access token by using a refresh token which is returned along with the initial access token when the login mandate is exchanged for credentials.

The JWTs used by NavVis IVION are Base64 encoded JSON objects that are split into 3 dot separated segments as shown here:

[segment_1].[segment_2].[segment_3]

Segment 2 contains the token's expiration timestamp. The Base46 decoded version of segment 2 contains an object of the type shown below.

{
	"type": string, 
	"provider": string, 
	"tokenType": string, 
	"sub": string, 
	"exp": number, 
	"iat": number
}
The field of interest (exp) contains a UNIX timestamp with the token's expiration.
Refresh the access token by using the following endpoint:
POST {instance_url}/api/auth/refresh_access_token
Request Body: 
{
	"refresh_token": string
}
Response Code & Status:
200 OK
Response Body:
{
	"access_token": string, 
	"principal": 	
	{
		"username": string, 
		"first_name": string | null, 
		"last_name": string | null,
		... 
	}, 
	...
}
The refresh token itself also has an expiration and it may or may not be possible to get a new one depending on the instance configuration. If the refresh token cannot be updated, once it expires, the user should be prompted to log in again.
If the refresh token can be updated, renew it by using the endpoint below:
POST {instance_url}/api/auth/update_refresh_token
Request Body:
{
	"refresh_token": string
}
Response Code & Status:
200 OK
Response Body: 
{
	"refresh_token": string, 
	... 
}
Note: The provided refresh token must be valid and not expired.