This method lets you refresh your existing user's access token.
When utilizing an iFrame connection, the access token may be exposed to your users in the page's HTML code. For enhanced security, we suggest using temporary tokens with a preset expiration period determined by Albato. Upon expiration of the token, this method should be called to obtain a new one for an existing user.
Authorization: This method should be called with the partner's master account token.
Request: POST https://api.albato.com/wl/partner-name/get-user-session-token
Request parameters:
id — An alphanumeric user ID that the partner passes when creating a new user. The ID must be unique for each partner's user.
Response parameters:
success — Request success indicator. Available values: true or false
data.permanentToken — A permanent API token of an existing user; it only returns if permanent tokens are enabled in the partner account settings
data.sessionToken — A temporary API token; it only returns if temporary tokens are enabled in the partner account settings
data.sessionTokenValidUntil — Expiration period (unix timestamp) of a temporary API token of an existing user. It only returns a value if temporary tokens are enabled in the partner account settings
Request example via curl:
curl --header "Content-type: application/json" --header "Accept: application/json" --header "Authorization: Basic cEFJjGffUSkV6WFFyWUhBM1RzS2hRHg7iKgReghUiijBfrdTY6" --request POST --data '{"email":"test@example.com"}' "https://api.albato.com/wl/partner-name/get-user-session-token"
Response example:
{
"success": true,
"data": {
"permanentToken": "IhIHggKkgBP-qtiDXLAMxKsSOO6A4Mu_L",
"sessionToken": "eyJ0eXAiOiJKV.eyJpZGVudGl0eSI6OTczMzAsInRydWVJZGVudGl0eS..._GT8jc8Xby-3sidRPk",
"sessionTokenValidUntil": 1654744263
}
}