Step 2 — Get access and refresh tokens

Now you may call Knox authorization server token endpoint to get access token (short lived — 10 minutes) and refresh token (long lived — 24 hours) in exchange for the authorization code (short lived — 1 minute). For more details, please check Knox OAuth2 Authorization Server API. You would need to update refresh token before it expires as explained in “Step 4” (below).

Getting an access token using the authorization code request example:

curl 
--location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
--data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
--data-urlencode 'redirect_uri={REDIRECT_URL_USED_IN_AUTHZ_CODE_REQ}' \
--data-urlencode 'code_verifier={PKCE_CODE_VERIFIER}' \
--data-urlencode 'code={AUTHORIZATION_CODE}'

You receive the access and refresh tokens in the format below. The value of the expires_in key denotes the number of seconds that the access token is valid for.

{
  "access_token":"eyJhbGc..SbHWvZ1w",
  "refresh_token":"fYBll..TT8vmAH",
  "scope":"ke",
  "expires_in": 599,
  "token_type":"Bearer"
}

You need an active access token every time you make a Knox cloud API call.