Refresh Tokens

Overview

The Refresh Token update allows integrators to obtain new JSON Web Token (JWT) bearer tokens without repeatedly sending their AuthUsername, AuthPassword, and AuthKey credentials to the /authenticate endpoint.

First available in apiservice v67 (deployed August 16 2025).
Requires the API Bundle module and App Authorization with the JWT Bearer Token authorization type enabled.
Token lifetimes:
- Bearer — 7 days
- Refresh — 30 days.

Workflow

Working with the API there will be two calls:

POST /authenticate – returns an initial bearer_token and refresh_token.
POST /refresh – accepts a refresh_token and returns a new pair of tokens.

Integrators typically:

Store both tokens securely after the first call.
Use the bearer_token in the Authorization: Bearer <token> header for subsequent API requests.
Call /refresh at—or just before—the 7‑day bearer‑token expiration to receive fresh tokens.
Fall back to /authenticate only if the 30‑day refresh token has expired or has been revoked.

Refresh Token Request

HTTP Method: POST

Endpoint: https://api.cimcloud.com/{sitename}/refresh

Body:

"<redacted-refresh-token>"

Successful Response:

{
"expiration": "<expiration-date>",
"token": "<redacted-jwt-token>"
"refresh_token": "<redacted-refresh-token>"
}

Was this article helpful

Yes No

Overview

Workflow

Refresh Token Request

Was this article helpful

Related Articles