This REST API generates JWT authentication tokens to be used with the Fetch API and other future services.

Two Kinds of Tokens

There are two kinds of token issued by this Auth API:

  1. Access Token -- A short lived JWT bearer token that provides access to services such as Fetch API endpoints. The lifespan of these tokens is measured in minutes, typically 60 minutes.
  2. Refresh Token -- A longer lived, single use, UUID/GUID that can be exchanged for a fresh new pair of Access and Refresh Tokens. The lifespan of a Refresh Token is measured in days, typically 30 days.

Token Generation Credentials

If you have a valid Refresh Token, you can use it with the POST /refreshtoken endpoint to obtain a new pair of Access and Refresh Tokens.

If you don't have a valid Access or Refresh Token, you can obtain both by submitting primary credentials consisting of a username, password, and client ID to the POST /token endpoint of the Auth API. Once you have a valid Refresh Token, you can use it on a system that is exposed to external traffic without having to store your primary credentials there. Since a Refresh Token can only be used once before it expires, an unexpectedly invalid Refresh Token indicates that the exposed system was likely compromised. You can recover by generating new tokens from your primary credentials in a protected environment while separately escalating the security breach.
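The following is an added example, not code from the Auth API itself. It models the two-token scheme described above in memory: POST /token exchanges primary credentials for an Access Token (a JWT, 60 minutes) and a Refresh Token (a UUID, 30 days), and POST /refreshtoken consumes a Refresh Token exactly once and issues a fresh pair. It also shows the client-side check that the text motivates: a Refresh Token that is rejected before its known expiry is treated as a compromise signal rather than an ordinary expiry. The HS256 signing algorithm, the `AuthService` class, the method and field names, and the sample user record are assumptions; the page specifies none of them.

```python
"""Added example (not the Auth API's own code): an in-memory model of the
Access/Refresh Token scheme and a client-side single-use anomaly check."""
import base64, hashlib, hmac, json, secrets, time, uuid

ACCESS_TTL = 60 * 60           # access token lifetime: 60 minutes (from the page)
REFRESH_TTL = 30 * 24 * 3600   # refresh token lifetime: 30 days (from the page)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT. The algorithm is an assumption; the page does not state it."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, now: float) -> dict:
    """Verify signature, pin the algorithm, and enforce expiry; return the claims."""
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # never let the token pick the algorithm
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims["exp"] <= now:
        raise ValueError("access token expired")
    return claims


class AuthService:
    """Hypothetical server side of POST /token and POST /refreshtoken."""

    def __init__(self, users: dict, key: bytes):
        self._users = users      # constructed: username -> (password, client_id); real services store hashes
        self._key = key
        self._refresh = {}       # live refresh tokens: value -> (username, expiry); removed on use

    def _issue_pair(self, username: str, now: float) -> dict:
        access = make_jwt({"sub": username, "iat": int(now), "exp": int(now) + ACCESS_TTL}, self._key)
        refresh = str(uuid.uuid4())          # opaque UUID, as the page describes
        self._refresh[refresh] = (username, now + REFRESH_TTL)
        return {"access_token": access, "refresh_token": refresh, "refresh_expires": now + REFRESH_TTL}

    def token(self, username: str, password: str, client_id: str, now: float = None) -> dict:
        """POST /token: primary credentials -> new Access/Refresh pair (field names assumed)."""
        now = time.time() if now is None else now
        stored = self._users.get(username)
        if stored is None or not (secrets.compare_digest(stored[0], password) and stored[1] == client_id):
            raise PermissionError("invalid primary credentials")
        return self._issue_pair(username, now)

    def refreshtoken(self, refresh: str, now: float = None) -> dict:
        """POST /refreshtoken: single use. pop() guarantees a second presentation fails."""
        now = time.time() if now is None else now
        entry = self._refresh.pop(refresh, None)
        if entry is None or entry[1] <= now:
            raise PermissionError("invalid or expired refresh token")
        return self._issue_pair(entry[0], now)


def rotate_or_alert(service: AuthService, pair: dict, now: float):
    """Client side on the exposed system. Returns (new_pair, None) on success,
    (None, 'expired') when the stored token had simply aged out, and
    (None, 'possible-compromise') when a token we believe is still valid is rejected,
    i.e. someone else has probably already spent it."""
    try:
        return service.refreshtoken(pair["refresh_token"], now), None
    except PermissionError:
        if pair["refresh_expires"] <= now:
            return None, "expired"
        return None, "possible-compromise"
```

Only the Refresh Token and its expiry need to live on the exposed host; the username, password and client ID stay in the protected environment and are used again only when `rotate_or_alert` reports `expired` or `possible-compromise`, the latter also being the trigger for escalation.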