API Reference

Refresh User Token

Refresh User Token

Use this API to refresh the id_token and the access_token for the end user.

🚧

Limit

The refresh token can be used only once. If it has expired a new API call will need to be made.

Call

curl --request POST
  --url https://api.ezid.io/verify/otp \
  --header 'Content-Type: application/json' \
  --data {
   client_id: "your_client_id",
   client_secret: "your_client_secret",
   refresh_token: "68d62141-986b-462a-8715-a5783064d54e"
}

const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args));');

let url = 'https://api.ezid.io/send/otp';

let options = {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: {
   client_id: "your_client_id",
   client_secret: "your_client_secret",
   refresh_token: "68d62141-986b-462a-8715-a5783064d54e"
	}
};

fetch(url, options)
  .then(res => res.json())
  .then(json => console.log(json))
  .catch(err => console.error('error:' + err));
AttributesDefinition
client_id* Your companies unique ID, provided by EZiD
client_secret*You companies unique secret, provided by EZiD
refresh_tokenA valid refresh token returned to refresh your users browsing session

📘

Please note: the refresh_token required for this API call is as a part of the /verify API call.

Responses:

{
  access_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWF0dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20uZXppZC5pby83ZWM2MDJlNGQyZGIxMzQ3OTVhMzRjMDM4MDlmNzNlNiIsImlzcyI6Imh0dHBzOi8vZXppZC5pbyIsImF6cCI6IjdlYzYwMmU0ZDJkYjEzNDc5NWEzNGMwMzgwOWY3M2U2Iiwic2NvcGUiOiJvcGVuaW2gYWxsb3c6aW52aXRlIiwiY3VzdG9tX2NsYWltcyI6eyJyb2xlIjoicmVhZC1vbmx5LXVzZXIiLCJ0ZXN0IjoiZnJvbSBzZW5kIGVuZHBvaW50In0sImlhdCI6MTY0NTYwNzcyNSwiZXhwIjoxNjQ1NjQzNzI1fQ.Ucgo3lV6yGyB3odZPf8sgojGah9xsEO-EzNbNFoAAxVOwl-naS--ZN4mm9B8sZgAi-WIJOGC7LJFPhHI2ZwTp0oucIEljh_MT6GLWK8V7SJLgQP1XWgIZfpqqa0S0ppVKbh8VqN5DInsXgWUDI5GbVvEmmpFcPh58JsZAMjKcmo5CYF-epbWqlmxc8GnUFBAsIN2CHwWLEKm6AA_F9CTKWqHO94Qj5cno2FWEELT_3NYcP0vEV9VS-HIhjz-TA0D0MJ0Ujxy5ygzFmt08BJZbqk9zm2ujc-dB28IE_av1dubb-w03nYyvD-8eNaC8_veJrJ149dRpltlJeW0ZffHnGBr9fKlkDisToPfNZItP2vTk0wZTuDcjGU9LQETfZeqN9y8q9HKRSnO6mk0InwePAxpMFFefH0k1nL5ApisUSHFPwDfsf5RtQxT6irlLKvY0y0aCtS-KiGL8Pm1Uj4B1jwwhk9uTwzLVW_kynaQ8iYXY8jnDqjOSVIvVHWwM8_bqBx_xodpdJfaSUMeCZhwj0LeoCVE6Cl6XxRn_g2MKXbha9WXFFjOausleJlsUlM1dPty-Kblj1Uu4g-ktzoEhN3ZyeWIxifNGQqAudnsXYwUA-4byXmy7gc_HQqyXEmoH_9OjY7sy8LQ5QIKvDMf3Hzn0zdx779qiQWFdOv2dj8",
  id_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWF0dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20uZXppZC5pby83ZWM2MDJlNGQyZGIxMzQ3OTVhMzRjMDM4MDlmNzNlNiIsImlzcyI6Imh0dHBzOi8vZXppZC5pbyIsImVtYWlsIjoic2FhdHZpa3J1ZHJhcGF0bmFAZ21haWwuY29tIiwicHJveHlfZW1haWwiOiJzYWF3dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20iLCJub25jZSI6IjRkY2YzMjgyLTliNzYtNGMzZi04OWM3LWJmY2JiMGQxYzg0YiIsImlhdCI6MTY0NTYwNzcyNSwiZXhwIjoxNjQ1NjQzNzI1fQ.e5sKc91l4rowqHSEgPDnrh5HGjggWvnYm1YKsxWzJFDG6DGAfmjdiUlZFbhXqKDaipvCd3jmhV63S5RSa7wFHhFpxn_k6baeRrEs_LZOdk7mc--hJWsQaX_CGpZ_CnaaQxh0M-CqWgnTnMdIHpwSKL59lvjpiNZ68PyvPiK4x37bRpKBQiiekqpqrhJ5wbjdGKkdIaOoS7dwHGNPsQcvWKN3GjcamxI9j-tpnff3Rj1It7ZtqITIvg9nIDNKtk--FSPPBbt_Jk0ksMZjstfjcsnbiW-cJW8E4HEhfbL2qUmgqPQMVYrmq-pTuXYq04nfru_o_cTeVGX-DN5aQcsqM6cQImJ5bBRqqGKTV0NhiFSIpFig7KUI9BMbi6vpDGFeYJNSIALTvrzHi4hB99LOv6shXY5lsHrDi2WJUESWzuBmODoUbBZDTo__4JtliLaY-uOu67lLG4iaX4kbD-tranDOE5QrWPiDe3NoKxam1l_5_2h3zRyPMLAIi-qScVA_s0_rAYYBih5QdgHnidOgHesv_DmP7SQt549TaYNxjOGAGq0K_yLkPpHRj3iTi8Zp_pSE1S-Qn7IAZ3WdcnoXz1QVprMlBAKhpaQ531Hh6HHltJrHy83axRXabTb-LhctXq5YQ8zbTBfw7e_DbYSaGc-_3LA-YELcr4cYucbHvC0",
  refresh_token: "d71d7f03-0eca-4de2-b48d-a888d0de75d7",
}

{
  success: false,
  reason: "Client is not registered"
}

{
  success: false,
  reason: "invalid refresh token"
}
AttributesDefinition
access_tokenThis is the access token of the user. It is a token that contains private information about the user and their access rights. This should be stored securely such that it is not exposed.
id_tokenThis is the ID token of the user. It is a token that contains their number amongst other details. This should be stored by the front-end of your application, and validated when the user tries to access protected resources
refresh_tokenThe new refresh token. This can be used again for calling this endpoint