Each access token expires automatically after a predetermined period of time. Tokens associated with an application key expire after 5 minutes. Tokens associated with user credentials expire after 15 minutes.

To avoid being logged out of an API, you can replace the current token by issuing a POST request to the API’s refresh endpoint. Include the current access token in the authorization header, just as you would for any other authenticated request. Oracle Commerce Cloud generates and returns a new token and restarts the clock. You then use the new token in the authorization headers of subsequent requests. Note that you may need to refresh the token multiple times (every 5 minutes for a login with an application key, every 15 minutes for a login with user credentials) if you need to remain logged in for an extended period of time.

The following example is an authorization header that refreshes an access token for the Admin API:

POST /ccadmin/v1/refresh HTTP/1.1
Authorization: Bearer <old_access_token>

The following example shows the body of the server’s response, which includes the new token:

{
"access_token": "<new_access_token>",
"token_type": "bearer"
}