
Subsequent authentication with Refresh Token

Summary

  • Retrieve and store refresh token from response header of initial authentication
  • Generate an access token from the refresh token
  • Use access token for subsequent API operations
  • companyId is required
  • Required API calls: authenticationService/authenticate

Step 1: Extract refresh token

  • Upon successful initial authentication, the refresh token is issued in the set-cookie header of the authentication response

Response header set-cookie example

  • The refresh token is the value of the auth key
auth=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX; Path=/; Domain=app.alfaview.com; Expires=Sat, 19 Nov 2022 15:18:15 GMT; HttpOnly; Secure

Step 2: Store refresh token

  • Browser-based applications use cookies to store the refresh token
  • Other applications may use operating-system-specific solutions, such as the Data Protection API on Windows or Keychain Access on macOS

Step 3: Generate access token from refresh token

Send a request to https://apis.alfaview.com/json/v1/authenticationService/authenticate that includes a cookie with the key auth and the refresh token as its value

{
  "requestId": "### REQUEST ID ###",
  "refreshTokenCredentials": {
    "companyId": "### COMPANY ID ###"
  }
}

Response

{
  ...
  "accessToken": "...",
  "expiresAt": "...",
  ...
}

Notes

  • A refresh token is always tied to a companyId. Store them as a pair.
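
Steps 1 and 3 for a non-browser client, as an added example that is not part of the original documentation or alfaview's own code. The function names, the POST method, the Content-Type header, the UUID used as requestId, and the refusal of a cookie issued without Secure/HttpOnly are assumptions of this example; the request is built but not sent.

```python
import json
import urllib.request
import uuid
from http.cookies import SimpleCookie

AUTH_URL = "https://apis.alfaview.com/json/v1/authenticationService/authenticate"

# Constructed sample header in the shape shown in Step 1 (placeholder token value).
SAMPLE_SET_COOKIE = (
    "auth=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX; Path=/; "
    "Domain=app.alfaview.com; Expires=Sat, 19 Nov 2022 15:18:15 GMT; HttpOnly; Secure"
)


def extract_refresh_token(set_cookie_header):
    """Step 1: return the value of the auth key from a set-cookie header."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if "auth" not in jar:
        raise ValueError("no auth cookie in set-cookie header")
    morsel = jar["auth"]
    # Example's own check (assumption): the documented cookie carries both flags.
    if not (morsel["secure"] and morsel["httponly"]):
        raise ValueError("auth cookie is missing Secure or HttpOnly")
    return morsel.value


def build_access_token_request(refresh_token, company_id):
    """Step 3: build the request with the auth cookie and its paired companyId."""
    # Reject values that would break out of the Cookie header (header injection).
    if not refresh_token or any(c in refresh_token for c in ';, \r\n"'):
        raise ValueError("refresh token is not a valid cookie value")
    body = {
        "requestId": str(uuid.uuid4()),  # assumption: any unique string works
        "refreshTokenCredentials": {"companyId": company_id},
    }
    return urllib.request.Request(
        AUTH_URL,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "Cookie": f"auth={refresh_token}"},
        method="POST",  # assumption: the page does not state the HTTP method
    )


if __name__ == "__main__":
    token = extract_refresh_token(SAMPLE_SET_COOKIE)
    req = build_access_token_request(token, "### COMPANY ID ###")
    print(req.get_method(), req.full_url, req.data.decode("utf-8"))
```

Keep the token out of logs and error messages; in a real client it would be read from and written to the operating system's credential store together with its companyId.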

Last updated on July 3rd, 2025, 11:49 am