By default, each access token expires automatically after 15 minutes. To avoid being logged out automatically, you can replace the current token by issuing a POST request to the appropriate refresh endpoint. Include the current access token in the authorization header, just as you would for any other authenticated request. Oracle Commerce Cloud Service generates and returns a new token and restarts the clock. You then use the new token in the authorization headers of subsequent requests. Note that you may need to refresh the token multiple times (once every 15 minutes) if you need to remain logged in for an extended period of time.

The following example is an authorization header that refreshes an access token for the Admin API:

POST /ccadmin/v1/refresh HTTP/1.1
Authorization: Bearer <old_access_token>

The following example shows the body of the server’s response, which includes the new token:

{
"access_token": "<new_access_token>",
"token_type": "bearer"
}