Step 2 — Get access and refresh tokens

You can call the POST /oauth2/token operation to get access and refresh tokens in exchange for the authorization code. The following are the default expiration times for these tokens:

• Access token - Short lived, 10 minutes.
• Refresh token - Long lived, 90 days.
• Authorization code - Short lived, 1 minute.

To get a new refresh token before its expiry, see Step 4 – Refresh access token for more information.

The following request sample shows how you can get access and refresh tokens using the authorization code:

curl 
--location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
--data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
--data-urlencode 'redirect_uri={REDIRECT_URL_USED_IN_AUTHZ_CODE_REQ}' \
--data-urlencode 'code_verifier={PKCE_CODE_VERIFIER}' \
--data-urlencode 'code={AUTHORIZATION_CODE}'

You receive the access and refresh tokens in the below format. The value of expires_in denotes the number of seconds that the access token is valid for. You need an active access token every time you make Knox cloud services API call.

{
  "access_token":"eyJhbGc..SbHWvZ1w",
  "refresh_token":"fYBll..TT8vmAH",
  "scope":"kai",
  "expires_in": 599,
  "token_type":"Bearer"
}