Refresh token or secret

Refreshes the auth token or OAuth 2.0 client secret. This endpoint fails if the authorization type on the access profile is JWT.

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the Refresh API key secret endpoint before this date to ensure uninterrupted service.

The response returned depends on the authorization type of the access profile:

Auth token: returns a new auth token in the secret response.
OAuth 2.0: returns a new client ID and secret in oauth_client_id and oauth_client secret.

Path parameters

api_access_profile_idintegerRequired

API access profile ID.

Response

Success reply

idinteger

ID of the access profile.

namestring

Name of the access profile.

api_client_idinteger

ID of the API client to which this access profile belongs.

api_collection_idslist of integers

IDs of the API collections that are accessible by this access profile.

activeboolean

Returns whether the access profile is disabled or enabled.

auth_typestring

Authentication method used in the access profile. Options are: token, jwt, oauth2, and oidc.

jwt_methodstring

The JWT signing method. Available methods are hmac and rsa for HMAC and RSA respectively. Only applicable if the auth_type is jwt.

jwt_secretstring

Based on the method, specify the HMAC shared secret or the RSA public key.

oidc_issuerstring

Discovery URL of identity provider or OIDC service. Provide only one of this or oidc_jwks_uri, not both. Only applicable if auth_type is jwt or oidc.

oidc_jwks_uristring

JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only applicable if auth_type is jwt or oidc.

access_profile_claimstring

Provide the JWT claim key if you plan to use a custom claim to identify this access profile. Only applicable if auth_type is jwt or oidc.

required_claimslist of strings

Provide a list of claims that you plan to enforce. Only applicable if auth_type is jwt or `oidc.

allowed_issuerslist of strings

Provide a list of issuers (represented by the iss value in JWT claims) that you wish to allow. If the iss claim is enforced in required_claims, leave this field blank to accept any iss value. This parameter is only applicable when auth_type is set to jwt or oidc.

ip_allow_listlist of doubles

List of IP addresses to be allowlisted.

created_atstring

Timestamp in ISO 8601 format.

updated_atstring

Timestamp in ISO 8601 format.

1	{
2	"id": 26962,
3	"name": "Sales team",
4	"api_client_id": 1255,
5	"api_collection_ids": [
6	1391,
7	1057
8	],
9	"active": true,
10	"auth_type": "token",
11	"jwt_method": "null",
12	"jwt_secret": "null",
13	"oidc_issuer": "null",
14	"oidc_jwks_uri": "null",
15	"access_profile_claim": "null",
16	"required_claims": [
17	"null"
18	],
19	"allowed_issuers": [
20	"null"
21	],
22	"ip_allow_list": [
23	192.158138,
24	192.02146
25	],
26	"created_at": "2023-02-22T09:55:36.427Z",
27	"updated_at": "2023-02-28T10:09:07.579Z"
28	}

DEPRECATION NOTICE

Path parameters

Headers

Response

Errors

1	curl -X PUT https://www.workato.com/api/api_access_profiles/1/refresh_secret \
2	-H "Authorization: Bearer <token>"