Token management

“Token management” refers to the ID token refresh/revocation process. The Akoya ID token is used to enable secure communication between a data recipient and the Akoya network.

🚧 Token required!

Please obtain a token prior to completing this section.

"Happy path" tests

Test case: Refresh an ID token
Task(s): Call the /token endpoint with the refresh_token.
Expected result(s): Receive valid new ID and refresh tokens.

Test case: Refresh an expired ID token
Task(s):
1. Identify an id_token older than 24 hours.
2. Call the /token endpoint with the refresh_token.
Expected result(s): Receive valid new ID and refresh tokens.

Test case: Revoke an ID token
Task(s):
1. Call the /token/revoke endpoint.
2. Attempt a call to the /accounts endpoint.
Expected result(s):
1. HTTP 200: OK (empty payload)
2. HTTP 401: Unauthorized

Error payload:
{
   "code": 602,
   "message": "Customer not authorized"
}

“Sad path” tests

Please review our error codes documentation.

Test case: Refresh a used refresh_token.
Task(s): Test a token refresh call with a refresh_token that has already been claimed.
Expected result(s): HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "Refresh token is invalid or has already been claimed by another client."
}

Test case: Refresh with invalid client_secret.
Task(s): Try a token refresh with an invalid client_secret.
Expected result(s): HTTP 401: Unauthorized

Error payload:
{
   "error": "invalid_client",
   "error_description": "Invalid client credentials."
}

Test case: Revoke with invalid client_secret.
Task(s):
1. Try the revoke token endpoint without a client_secret.
2. Try the revoke token endpoint with an incorrect client_secret.
Expected result(s):
1. HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request"
}

2. HTTP 401: Unauthorized

Error payload:
{
   "error": "unauthorized_client"
}

Test case: Obtain a token with invalid authorization code.
Task(s):
1. Use the /token endpoint with an expired code.
2. Use the /token endpoint with an incorrect code.
Expected result(s): (both tasks) HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "Invalid or expired code parameter."
}

Test case: Obtain a token with an incorrect redirect_URI.
Task(s): Use /token endpoint with an incorrect redirect_URI.
Expected result(s): HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "redirect_uri did not match URI from initial request."
}

Test case: Obtain a token with a missing grant_type field.
Task(s):
1. Use /token endpoint with a missing grant_type field.
2. Use /token endpoint with an incorrect grant_type field.
Expected result(s): HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_grant"
}

Test case: Obtain a token with an incorrect client_id.
Task(s):
1. Use /token endpoint with an incorrect clientId.
2. Use /token endpoint with an incorrect client_secret.
Expected result(s):
1. HTTP 401: invalid_client

2. HTTP 401 Unauthorized

Error payload:
{
   "error": "invalid_client",
   "error_description": "Invalid client credentials."
}

Test case: Refresh a token without a refresh_token.
Task(s): Use /token endpoint with grant_type=refresh_token without including the current refresh_token.
Expected result(s): HTTP 400 Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "No refresh token in request."
}
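The refresh cases above imply that each refresh_token is single-use, so a data recipient has to store the rotated token from every successful refresh. The sketch below is an added example, not Akoya's code: FakeTokenEndpoint is a constructed offline stub that returns only the statuses and payloads listed in these tests, and the form-field names, response shape and TokenStore action strings are assumptions.

```python
import secrets

class FakeTokenEndpoint:
    """Constructed stand-in for POST /token with single-use refresh tokens."""
    def __init__(self, client_secret, first_refresh_token):
        self._secret = client_secret
        self._live = {first_refresh_token}   # refresh tokens not yet claimed

    def post(self, form):
        if form.get("client_secret") != self._secret:
            return 401, {"error": "invalid_client",
                         "error_description": "Invalid client credentials."}
        if form.get("grant_type") != "refresh_token":
            return 400, {"error": "invalid_grant"}
        token = form.get("refresh_token")
        if not token:
            return 400, {"error": "invalid_request",
                         "error_description": "No refresh token in request."}
        if token not in self._live:
            return 400, {"error": "invalid_request", "error_description":
                         "Refresh token is invalid or has already been "
                         "claimed by another client."}
        self._live.discard(token)            # claimed: can never be reused
        new = secrets.token_urlsafe(16)
        self._live.add(new)
        return 200, {"id_token": secrets.token_urlsafe(16), "refresh_token": new}

class TokenStore:
    """Holds the current token pair and replaces both on every refresh."""
    def __init__(self, endpoint, client_secret, refresh_token):
        self.endpoint, self.client_secret = endpoint, client_secret
        self.refresh_token, self.id_token = refresh_token, None

    def refresh(self):
        status, body = self.endpoint.post({
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_secret": self.client_secret})
        if status == 200:
            # Persist the rotated refresh token together with the new ID token;
            # the old refresh token is now dead.
            self.id_token = body["id_token"]
            self.refresh_token = body["refresh_token"]
            return "refreshed"
        if status == 401:
            return "fix_client_credentials"  # retrying cannot succeed
        return "reauthorize_user"            # token missing or already claimed
```

A "reauthorize_user" result for a token your own service did not already spend is worth logging, because it means some other caller claimed that refresh token first.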

