Unable to fetch valid refresh tokens

prasad1 · November 21, 2017, 11:31am

We followed your documentation https://poynt.github.io/developer/cloud/integrating-with-poynt-cloud-apis.html to generate access token on behalf of other merchants to access data.

We can able to get accessToken and can access merchants data.

The problem happens with the refreshToken, We can’t able to generate accessToken from refreshToken.
Followed https://poynt.github.io/developer/overview/authentication-authorization.html (USING REFRESH TOKEN TO FETCH A NEW ACCESS TOKEN)

Response received

{“code”:“INVALID_REFRESH_TOKEN”,“httpStatus”:401,“message”:“Refresh token is missing or invalid.”,“developerMessage”:“Invalid refresh token.”,“requestId”:“91730e0e-a2c1-4bb9-ab96-5b2290fd481f”}

FYI: I can able to get valid refreshToken once in awhile.

My questions are

Can we able to get valid refreshTokens?
Do we have to wait till accessToken to expire to generate new accessToken from refreshToken?
What is Point-Request-Id? Do we have to pass Poynt-Request-Id(Received while generating accessToken) as header while generating new accessToken?

dennis · November 28, 2017, 5:44am

Hi Prasad,

The refresh token gets invalidated once you use it, once you use it you get a new refresh token.

You don’t have to wait until the access token expires to renew it, but since access token is valid for 24 hours, there is really no need to get a new access token for each API call, so the best practice would be to use access token until it nears the expiration and then get a new one and cache the new refresh token. If for whatever refresh token gets invalidated you can fall back to generate a new access token using self-signed JWT.

Poynt-Request-Id is a unique id for your HTTP request. If you don’t pass it the server will generate one. We use it for idempotency.

prasad1 · November 28, 2017, 6:27am

Hi Dennis,

We are trying to get new tokens using refresh token at first time. We are getting this issue. Plz help me to solve this.

{“code”:“INVALID_REFRESH_TOKEN”,“httpStatus”:401,“message”:“Refresh token is missing or invalid.”,“developerMessage”:“Invalid refresh token.”,“requestId”:“d940ec44-2c1e-4210-9a8c-99dc9279d158”}

dennis · November 29, 2017, 7:15pm

Do you see the raw HTTP response that carries the refresh token?
If so, can you take the refresh token and try using this curl command:

  curl -v "https://services.poynt.net/token" \
  -H "api-version: 1.2" \
  -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
  -d "grantType=REFRESH_TOKEN" \
  -d 
  "refreshToken=$refreshToken"

prasad1 · December 5, 2017, 4:40am

Hi Dennis,

Yes, we tried the same

We tried to get new access token from refresh token after 16 hours from the initial call, but we are still receiving Invalid refresh token.

FYI : Request Id we received a02367e2-c11d-4445-80a4-4ff698ba8448

satya · May 17, 2018, 7:02pm

Hi @prasad1,
Is this still an issue? Please let us know.

THanks,
Satya