Embedded APIResourcesAPI platform

Refresh token or secret

Refreshes the auth token or OAuth 2.0 client secret. This endpoint fails if the authorization type on the access profile is JWT. <Warning title="DEPRECATION NOTICE"> This endpoint is planned for deprecation on December 1, 2025. Transition to the [Refresh API key secret](/oem-api/resources/api-platform/refresh-api-client-key-secret) endpoint before this date to ensure uninterrupted service.</Warning> The response returned depends on the authorization type of the access profile: - **Auth token authorization**: returns a new auth token in the secret response. - **OAuth 2.0 authorization**: returns a new client ID and secret in `oauth_client_id` and `oauth_client secret`.

Path parameters

managed_user_idstringRequired

Embedded customer ID (external ID). The External ID must be URL encoded and prefixed with an E. For example, EA2300.

api_access_profile_idintegerRequired
API access profile ID.

Headers

AuthorizationstringRequired

Bearer authentication of the form Bearer <token>, where token is your auth token.

Response

Success reply
idinteger
ID of the access profile.
namestring
Name of the access profile.
api_client_idinteger
ID of the API client to which this access profile belongs.
api_collection_idslist of integers
IDs of the API collections that are accessible by this access profile.
activeboolean
Indicates whether the access profile is disabled or not.
auth_typestring

Authentication method used in the access profile. Possible values are: token, jwt, oauth2, or oidc.

jwt_methodstring

The JWT signing method. Available methods are hmac and rsa for HMAC and RSA respectively. Only applicable if the auth_type is jwt.

jwt_secretstring
Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuerstring

Discovery URL of identity provider or OIDC service. Provide the URL or oidc_jwks_uri, not both. Only applicable if auth_type is jwt or oidc.

oidc_jwks_uristring

JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only applicable if auth_type is jwt or oidc.

access_profile_claimstring

Provide the JWT claim if you plan to use a custom claim to identify this access profile. Only applicable if auth_type is jwt or oidc.

required_claimslist of strings

Provide a list of claims that you plan to enforce. Only applicable if auth_type is jwt or oidc.

allowed_issuerslist of strings

Provide a list of issuers (represented by the iss value in JWT claims) that you plan to allow. If the iss claim is enforced in required_claims, leave this field blank to accept any iss value. This parameter is only applicable when auth_type is set to jwt or oidc.

ip_allow_listlist of strings
List of IP addresses to be allowlisted.
created_atstring
Timestamp in ISO 8601 format.
updated_atstring
Timestamp in ISO 8601 format.

Errors