Step 3 — Renew or revoke access token

Once your access token expires, you can renew it. On the other hand, in some circumstances you may need to revoke access — such as for testing purposes or due to security concerns.

Renew an access token

To renew your access token, simple request a new one. You don’t have to include your old token in the /oauth2/token call.

curl --location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=client_credentials' \
     --data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
     --data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
     --data-urlencode 'scope={Required Scope}'

Remember to replace the placeholders with your actual values. A sample response is shown below:

{
  "access_token":"abc123...abc123",
  "scope":"kai",
  "expires_in": 599,
  "token_type":"Bearer"
}

Make sure to store your access token in a safe place.

Revoke an access token

You can revoke access to Knox cloud services APIs. A sample request is shown below. Replace the placeholders with your actual values. The token value must be set to the access token. Following revocation, the access token becomes invalid immediately.

For example:

curl --location 'https://api.samsungknox.com/ams/v1/oauth2/revoke' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'client_id=a1b23456c7' \
     --data-urlencode 'client_secret=Ab1...DEfG' \
     --data-urlencode 'token=A1B...cDEF'

The response body is empty if the request is successful. If there is an error, the call returns an error message in JSON format, as shown in the following response sample:

{
  "error": "invalid_client"
}

For more information, see the Knox OAuth 2.0 Authentication API reference.