Privicore
  1. OAuth Application
Privicore
  • Privicore API
  • Utility
    • Utility
    • Check server health
      GET
    • Request command id status
      GET
  • Profile
    • Profile Model and Authentication Workflow
    • Register new profile
      POST
    • Authenticate
      POST
    • Retrieve profile id
      GET
    • Change password
      POST
    • Generate qr token for authorization
      POST
    • Reauthorize authorization token
      POST
    • Revoke authorization token
      POST
    • Retrieve token expiry
      POST
  • OAuth Application
    • OAuth Application Management
    • Register OAuth Application
      POST
    • Retrieve OAuth app configuration
      POST
    • Request OAuth app authorization code
      GET
    • Retrieve OAuth app authorization code
      POST
    • Obtain OAuth app access token
      POST
    • OAuth application list
      GET
    • Retrieve OAuth application scope
      GET
    • Refresh OAuth app access token
      POST
  • Public key
    • Public and Private Key Management
    • Generate your private and public keys
      GET
    • Register public key
      POST
    • Retrieve public key
      GET
    • Retrieve CAB public key
      GET
  • Data Token
    • Data Token Management
    • Reserve token space
    • Retrieve temporary data token
    • Exchange data for token
    • Upstream file via stream auth
    • Request data via token
    • Download data
    • Configure information security risk meta
    • Configure file meta
    • List data tokens
    • Update data token
    • Delete data
  • Device
    • Device Management
    • Request unique identifier (i.e. Register new device)
    • Retrieve unique identifier
    • Retrieve profile devices
    • Configure device meta
    • Approve device
    • Reject device
    • Retrieve device configuration
    • Remove device
  • Storage
    • Storage Device Management
    • Register storage device
    • List storage devices
    • Synchronize device
    • Remove storage
  • Verified authenticator
    • Authenticator and Voting Management
    • Register authenticator
    • List verified authenticators
    • Retrieve voting strategy
    • Set quorum size
    • Set quorum strategy
    • Set voting time limit
    • Set maximum voting attempts
    • Remove authenticator
    • Register voting configuration
    • Update voting configuration
    • List voting configurations
    • Retrieve voting configuration
  • Policy
    • List policy templates
    • Register policy
    • List active policies
    • List inactive policies
    • Activate policy
    • Deactivate policy
    • Delete policy
    • List registered policies
    • Retrieve registered policy
  • Directory
    • Register Directory
    • Retrieve owned Directories
    • Retrieve assigned directories
    • Retrieve Directory
    • Create Directory User
    • Update user information
    • Invite Profile
    • Set profile password
    • List Directory Invites
    • Process Invitation
    • Retrieve directory profile
    • List directory users
    • Directory profiles info
    • Create profile device
    • Add storage device to profile
    • List directory devices
    • Create directory voting pool
    • Store directory meta information
  • Voting
    • Create voting
    • Check pool status
  • Schemas
    • Response
      • CommandAccepted
      • Unauthorized
      • ValidationErrors
    • Schemas
    • profileId
    • deviceIdentifier
    • directoryId
    • directoryName
    • directoryShortName
    • givenName
    • familyName
    • createdAt
    • meta
  1. OAuth Application

Refresh OAuth app access token

POST
/oauth-application/refresh-access-token

Refresh OAuth Application Access Token#

Overview#

Obtain a new access token using a refresh token without requiring user re-authorization.

Refresh OAuth Application Access Token#

Endpoint: POST /oauth-application/refresh-access-token
Authentication: Required (Current OAuth Application access token)
Header:
Authorization: Basic {access_token}

Request Parameters#

ParameterTypeRequiredDescription
refresh_tokenstringYesThe refresh token obtained during initial token exchange

Use Case#

When an OAuth Application's access token expires, use this endpoint to obtain a new access token without going through the full authorization flow again. This provides a seamless experience by maintaining access as long as the refresh token remains valid. The refresh token itself has a longer expiration time than access tokens, allowing extended delegated access.
The refresh token must be valid and not expired
After refreshing, store the new access token and use it for subsequent requests
Some implementations may also issue a new refresh token in the response

Request

Header Params

Body Params application/x-www-form-urlencoded

Request Code Samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST 'https://sandbox.privicore.com:9009/oauth-application/refresh-access-token' \
--header 'Authorization;' \
--data-urlencode 'refresh_token='

Responses

🟢202Success
This response does not have a body.
🟠401401
🟠422422
Modified at 2025-12-09 10:43:30
Previous
Retrieve OAuth application scope
Next
Public and Private Key Management
Built with