Step 2 — Get access and refresh tokens

You can call POST /oauth2/token to get access and refresh tokens in exchange for the authorization code.

Default token expiration

The default expiration times for these tokens are as follows:

• Access token — Short lived, 10 minutes
• Refresh token — Long lived, 90 days
• Authorization code - Short lived, 1 minute

Request and response samples

The following request sample outlines how to get access and refresh tokens using the authorization code:

curl --location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=authorization_code' \
     --data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
     --data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
     --data-urlencode 'redirect_uri={REDIRECT_URL_USED_IN_AUTHZ_CODE_REQ}' \
     --data-urlencode 'code_verifier={PKCE_CODE_VERIFIER}' \
     --data-urlencode 'code={AUTHORIZATION_CODE}'

Remember to replace the placeholders with your actual values. You will receive the access and refresh tokens in JSON format, as shown in the following response sample. The value of expires_in denotes the number of seconds that the access token is valid for. You need an active access token every time you a make Knox cloud services API call.

{
  "access_token":"abCdeFg..HiJKlM2o",
  "refresh_token":"aBCl1..DE2fgHI",
  "scope":"kai",
  "expires_in": 599,
  "token_type":"Bearer"
}

Next steps

After receiving the access and refresh tokens, proceed to Step 3 — Call Knox cloud services APIs with access token.