POST /api/login/renewToken

Updates the time for which an authentication token cookie is valid, as well as other information stored in the cookie.

The cookie expiration time is stored as part of the cookie value itself, in the HTTP header. This operation updates the expiration time by sending a new cookie value to the server.

There must be a valid cookie in place for this operation to succeed; if the cookie has already expired the operation will fail.

This topic includes the following sections:

HTTP Method

POST

Back to top

URL

https://{hostname}/api/login/renewToken

Back to top

Sample Request

The example below shows a POST /api/login/renewToken request.

Sample request URL

https://{hostname}/api/login/renewToken

Sample request headers

POST /api/login/renewToken HTTP/1.1
Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Csrf-Token_acmepaymentscorp: TokenID%3D82dc1d97-bad2-11e5-ace7-f...{abbreviated}
Cookie: JSESSIONID_pm80=11t5ah9i68us5nph6mj4iqhrv; AtmoAuthToken_acmepaymentscorp=TokenID%3D82dc1d97-bad2-
11e5-ace7-fd6479c3027f%2Cclaimed_id%3Durn%3Aacmepaymentscorp
%3Auser%3Aacmepaymentscorp%3A4fa1a6c9-c846-4186-87c1-7dab5
42aad22%2CissueTime%3D1452784900621%2CexpirationTime%3D14
52786400603%2CUserName%3DadminAcmepaymentscorp%2C
UserFDN%3D4fa1a6c9-c846-4186-87c1-7dab542aad22%252Eacmepaymentscorp
%2CAttributesIncluded%3Dfalse%2Csig%3DRaSBv7BwPyizscFmo
ZpuIuagoRLMzq6bUQazTuz_2zmwBhAiYwBbRdZ1vzUmm_Dc1Eln3
24gI7TJ361ACr0EOf4bnIRL3hKXAuk3jRtZcjr7LtffKOtelnzMogkqtSo
Xy1Jly8eEfdvHoCuebRT-1NjKzdEvLyvum1NpPjYDJhg

Sample request body

Not applicable.

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Content-Type application/x-www-form-urlencoded
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform.

Back to top

Request Parameters

None. However, the cookie parameter in the request header is important since there must be a valid cookie in place for this operation to work. The request must include a valid token that has not expired.

If your programming environment records the cookie and sends it automatically with your requests, there's nothing else you'll need to do. If it doesn't, you'll need to capture the cookie after login and send it as an HTTP request header for each request.

Back to top

Response

If successful, the renewToken method returns an updated user authentication token.

Back to top

Sample Response

The sample response below shows a new cookie returned. In this example, the CSRF feature is turned on, so an updated CSRF-token cookie is also returned.

Sample response headers

Note: In the example below, line breaks have been added for display reasons. If there is any indentation within a parameter, it indicates a line break, not spaces in the content.

HTTP/1.1 200 OK
Date: Thu, 14 Jan 2016 15:21:41 GMT
Cache-Control: no-cache, no-store
Content-Type: application/json
Set-Cookie: AtmoAuthToken_acmepaymentscorp=TokenID%3D8326e23b-bad
2-11e5-ace7-fd6479c3027f%2Cclaimed_id%3Durn%3A
acmepaymentscorp%3Auser%3Aacmepaymentscorp%3A4fa1a6c9-c846-4186
-87c1-7dab542aad22%2CissueTime%3D1452784901125%2C
expirationTime%3D1452786401093%2CUserName%3DadminAcmepaymentscorp
%2CUserFDN%3D4fa1a6c9-c846-4186-87c1-7dab542aad22%252Eacmepaymentscorp%2CattributesIncluded
%3Dfalse%2Csig%3DJ7q_mNi6LwldidXL4sgzziIm38_CJJIssWmaaYXhuZxGoe
RTAIu1ZpoH243jwNWGW8nrDurMr5TkknQBaosiotkhCSN0KrLGdhItabLw_I
7uNThhSTEnbyHJlIwGWbMfAwwub0LFcBlcrlmzvCm7eqEW7Wn7hkJ_U_k9
AMJ-e6Y;path=/;expires=Thu, 14 Jan 2016 15:46:41 GMT;HttpOnly
Csrf-Token_acmepaymentscorp=TokenID%3D8326e23b-bad2-11e5-ace7-fd6479c3027f%2C
expirationTime%3D1452786701133%2CUserFDN%3D4fa1
a6c9-c846-4186-87c1-7dab542aad22%252Eacmepaymentscorp%2Csig%3D
V6ZK40pZsUufn-vtUv_J7G4Wqoyj0WfPaAMbvwqtpbB9t6SOHf_tTbiXh9oylz
DXj-OV0-GVl8nbghGbMqKd5KrMNqki1SAUemsjS57wvB0expQT4h0
cVsjoa65syaCMyZwlnkBmY0CNrj8J8LM8ZloK4lxMveDGFfRpv65r31A;
path=/;expires=Thu, 14-Jan-2016 15:46:41 GMT
Sample response body
{
  "pendingNotifications" : 0,
  "status" : "success",
  "loginDomainID" : "siteusers.acmepaymentscorp",
  "avatarURL" : "http://acmepaymentscorp.com/api/users/avatar/_V2tspT9mwY7nrMqsfWaVeiw",
  "sessionValidUntil" : "2016-01-04T21:08:49.408Z",
  "userName" : "adminAcmepaymentscorp",
  "authTokenValidUntil" : "2016-01-04T20:58:49.871Z",
  "userFDN" : "9a6fd4d2-d18e-4c3e-9475-7eaddfcf32ca.acmepaymentscorp"
}

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Set-Cookie The set-cookie response header sets, updates, or expires the platform cookie to reflect changes made by the operation.

Back to top

Response Body

Name Type Description
LoginResponse LoginResponse

Contains information returned as a result of logging in.

When renewing the token, the LoginResponse object includes user name and FDN, along with pendingNotifications, status, loginDomainID, avatarURL, and sessionValidUntil/authTokenValidUntil; how long the session will be valid if active/inactive. See example above.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics