Refresh Token Code Example OAuth 2.0

Use a refresh token to get a new access token when your current access token expires.

To use Refresh Token:
  1. Submit an HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
    The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.
    Parameter Name   Value
    grant_type       refresh_token
    client_id        <registered client_id>
    refresh_token    To obtain it, see: Authorization Code Defined Example OAuth 2.0
    scope            <registered client_id>/.default openid offline_access

    The offline_access parameter must be added to the scope on the initial authorization request to be valid on the refresh_token grant.

    The Response generates an AzureBearerBody Token used in conjunction with the API X-CSRF-TOKEN access token.
  2. Submit an HTTPS GET request to get a token.
    Send an HTTP request (GET-request) to: http://hostname:port/insight/api/v2/token
    The body of the JSON response includes the following with the current session ID.
    {  "xAuthToken": "F6A8C5D3B1C2EC9A37DF380C7EB5A9C5" }
    The response header contains the following values:
    Parameter Name   Value
    X-CSRF-HEADER    X-CSRF-TOKEN
    X-CSRF-PARAM     _csrf
    X-CSRF-TOKEN     40d67d97-fb28-4a78-a111-5bae0ee706bb
  3. Use that xAuthToken as the JSESSIONID cookie, together with the X-CSRF-TOKEN, to start the user session.
  4. Send a login POST-request to pass authentication using the same session (set JSESSIONID):
    Parameter Name Value
    URI: http://hostname:port/insight/api/v2/login
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb. This value is retrieved as a result of the previous request. (http://hostname:port/insight/api/v2/token)
    Cookie: JSESSIONID=F6A8C5D3B1C2EC9A37DF380C7EB5A9C5. This value is the xAuthToken retrieved in step 2.
    Request body (raw): {"access_token":"<obtained_access_token>", "refresh_token":"<obtained_refresh_token>", "token_type":"Bearer"}

    This is the Azure Generated Authorization Token gathered in steps 1 and 2.

    After successful logon, the application creates a new session and a new token to use in subsequent API calls. The response header contains the following values:
    Parameter Name   Value
    X-CSRF-HEADER    X-CSRF-TOKEN
    X-CSRF-PARAM     _csrf
    X-CSRF-TOKEN     40d67d97-fb28-4a78-a111-5bae0ee706bb
  5. Make an API call with your new token.
    All subsequent REST API POST requests (read/create/create-or-update/delete for a specific entity) are sent through the "/api/v2" URI (example: http://hostname:port/insight/api/v2/event/46098/delete) with the following attributes:
    Parameter Name Value
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb
    Cookie: JSESSIONID=F6A8C5D3B1C2EC9A37DF380C7EB5A9C5. This value is the xAuthToken retrieved in step 2.
    Request body: JSON object for the specific entity.
    Instead of the X-CSRF-TOKEN header, you can use the "_csrf" parameter.
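
Steps 1 to 5 above as a single client, added here as an example (not code from the original page or from the product), using only the Python standard library. The function names, the base_url parameter (scheme, host and port of the application), the injectable send transport, the https-only check on base_url and the handling of empty response bodies are assumptions.

```python
import json
import urllib.parse
import urllib.request

def http_send(method, url, headers, body=None):
    """Default transport: returns (lower-cased response headers, parsed JSON body)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
        return {k.lower(): v for k, v in resp.headers.items()}, json.loads(raw or b"{}")

def refresh_and_login(tenant_id, client_id, refresh_token, base_url, send=http_send):
    """Steps 1-4: returns the headers to attach to every later API request."""
    if not base_url.startswith("https://"):
        # Tokens and the session cookie are sent to base_url; refuse plaintext.
        raise ValueError("base_url must use https")
    # Step 1: refresh_token grant. Keep token values out of logs.
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
        "scope": f"{client_id}/.default openid offline_access",
    }).encode()
    _, azure = send("POST",
                    f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
                    {"Content-Type": "application/x-www-form-urlencoded"}, form)
    # Step 2: fetch the pre-login session ID and CSRF token.
    hdrs, body = send("GET", f"{base_url}/insight/api/v2/token", {})
    session = {"Content-Type": "application/json",
               "X-CSRF-TOKEN": hdrs["x-csrf-token"],
               "Cookie": f"JSESSIONID={body['xAuthToken']}"}
    # Steps 3-4: log in within that session using the Azure tokens.
    login = json.dumps({
        "access_token": azure["access_token"],
        # If the response carries a new refresh token, use it; else keep the old one.
        "refresh_token": azure.get("refresh_token", refresh_token),
        "token_type": "Bearer",
    }).encode()
    hdrs, _ = send("POST", f"{base_url}/insight/api/v2/login", session, login)
    # The login response header carries the CSRF token for later calls.
    session["X-CSRF-TOKEN"] = hdrs.get("x-csrf-token", session["X-CSRF-TOKEN"])
    return session

def api_post(base_url, path, entity, session, send=http_send):
    """Step 5: POST a JSON entity, e.g. path='event/46098/delete'."""
    body = json.dumps(entity).encode()
    return send("POST", f"{base_url}/insight/api/v2/{path}", session, body)
```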