POST /api/login/renewToken

Updates the time for which an authentication token cookie is valid, as well as other information stored in the cookie.

The cookie expiration time is stored as part of the cookie value itself, in the HTTP header. This operation updates the expiration time by sending a new cookie value to the server.

There must be a valid cookie in place for this operation to succeed; if the cookie has already expired the operation will fail.

Authorization Roles/Permissions: Must be logged in.

This topic includes the following sections:

HTTP Method


Back to top



Back to top

Sample Request

The example below shows a POST /api/login/renewToken request.

Sample request URL


Sample request headers

POST /api/login/renewToken HTTP/1.1
Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Csrf-Token_acmepaymentscorp: TokenID%3D82dc1d97-bad2-11e5-ace7-f...{abbreviated}
Cookie: JSESSIONID_pm80=11t5ah9i68us5nph6mj4iqhrv; AtmoAuthToken_acmepaymentscorp=TokenID%3D82dc1d97-bad2-

Sample request body

Not applicable.

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Content-Type application/x-www-form-urlencoded
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

None. However, the cookie parameter in the request header is important since there must be a valid cookie in place for this operation to work. The request must include a valid token that has not expired.

If your programming environment records the cookie and sends it automatically with your requests, there's nothing else you'll need to do. If it doesn't, you'll need to capture the cookie after login and send it as an HTTP request header for each request.

Back to top


If successful, the renewToken method returns an updated user authentication token.

Back to top

Sample Response

The sample response below shows a new cookie returned. In this example, the CSRF feature is turned on, so an updated CSRF-token cookie is also returned.

Sample response headers

Note: In the example below, line breaks have been added for display reasons. If there is any indentation within a parameter, it indicates a line break, not spaces in the content.

HTTP/1.1 200 OK
Date: Thu, 14 Jan 2016 15:21:41 GMT
Cache-Control: no-cache, no-store
Content-Type: application/json
Set-Cookie: AtmoAuthToken_acmepaymentscorp=TokenID%3D8326e23b-bad
AMJ-e6Y;path=/;expires=Thu, 14 Jan 2016 15:46:41 GMT;HttpOnly
path=/;expires=Thu, 14-Jan-2016 15:46:41 GMT
Sample response body
  "pendingNotifications" : 0,
  "status" : "success",
  "loginDomainID" : "siteusers.acmepaymentscorp",
  "avatarURL" : "",
  "sessionValidUntil" : "2016-01-04T21:08:49.408Z",
  "userName" : "adminAcmepaymentscorp",
  "authTokenValidUntil" : "2016-01-04T20:58:49.871Z",
  "userFDN" : "9a6fd4d2-d18e-4c3e-9475-7eaddfcf32ca.acmepaymentscorp"

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Set-Cookie The set-cookie response header sets, updates, or expires the platform cookie to reflect changes made by the operation.

Back to top

Response Body

Name Type Description
LoginResponse LoginResponse

Contains information returned as a result of logging in.

When renewing the token, the LoginResponse object includes user name and FDN, along with pendingNotifications, status, loginDomainID, avatarURL, and sessionValidUntil/authTokenValidUntil; how long the session will be valid if active/inactive. See example above.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics