Step 4 — Refresh access token

Last updated June 26th, 2024

In case your access token expires, then you can use the refresh token obtained in Step 2 –Get access and refresh tokens to get another access token to call the Knox cloud services.

Knox authorization server also issues a new refresh token as a result of this request, and the old refresh token is discarded.

When the access token expires, you can request a new access token using the current refresh token:

curl 
--location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
--data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
--data-urlencode 'refresh_token={CURRENT_REFRESH_TOKEN}'

You receive new access and refresh tokens in the below format:

{ 
  "access_token": "eyJraWQiOiIzYjkwNjAxMSPYLQnMi9A", 
  "refresh_token": "Aj5OaUNYQ9MZ02Fc2MXZLNDvc", 
  "scope": "kai", 
  "token_type": "Bearer", 
  "expires_in": 599 
}

Make sure to store the new refresh token for future use.

Revoke access token

If you no longer require access to end user’s Knox cloud services resources, you can revoke your access or refresh tokens. For more information, see the POST /oauth2/revoke operation.

For example:

curl 
--location 'https://api.samsungknox.com/ams/v1/oauth2/revoke' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=z3w55213y2' \
--data-urlencode 'client_secret=Cy2GFPJBfGHvc5DfBctlXNfBZH8AfVbD' \
--data-urlencode 'token=X1JYJfxRzKlnKmEGqAsYBdBMDtYJZ'

Step 4 — Refresh access token

Revoke access token

On this page