Step 4 — Refresh or revoke access token

When your access token expires, you can use the refresh token obtained in Step 2 –Get access and refresh tokens to request a new one.

Get new tokens

You can request a new access token using the current refresh token, as shown below. Calling the /oauth2/token endpoint discards the old refresh token and issues new access_token and refresh_token values.

curl --location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=refresh_token' \
     --data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
     --data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
     --data-urlencode 'refresh_token={CURRENT_REFRESH_TOKEN}'

Remember to replace the placeholders with your actual values. A sample response is shown below:

{ 
  "access_token": "abCdeFg..HiJKlM2o", 
  "refresh_token": "aBCl1..DE2fgHI", 
  "scope": "kai", 
  "token_type": "Bearer", 
  "expires_in": 599 
}

Make sure to store the new refresh token for future use.

Revoke an access token

You can revoke access tokens or refresh tokens in order to prevent access to Knox cloud services APIs. A sample request is shown below. Replace the placeholders with your actual values. The token parameter can be either an access token or a refresh token. After revocation, the token becomes invalid immediately.

For example:

curl --location 'https://api.samsungknox.com/ams/v1/oauth2/revoke' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'client_id=a1b23456c7' \
     --data-urlencode 'client_secret=Ab1...DEfG' \
     --data-urlencode 'token=A1B...cDEF'

The response body is empty if the request is successful. If there is an error, it returns an error message in JSON format, as shown in the following response sample:

{
  "error": "invalid_client"
}

For more information, see the Knox OAuth 2.0 Authentication API reference.