This documentation is for WSO2 API Manager 1.5.0 View documentation for the latest release.
Page Comparison - Token APIs (v.43 vs v.44) - API Manager 1.5.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

After an access token is generated, users sometimes may you might have to refresh or renew the old token due to expiration or security concerns. This can be done by issuing a REST call to the Token API through a REST client such as the WSO2 REST Client or Curl, with the following parameters.

...

The REST message will grant the user a renewed user token.

Note

NOTE: When a user token expires, the user cannot be authorized and the getConsumerSecret method of SignatureVerificationHandler throws a 401 user authentication/signature verification failure as "Failed to authenticate user, no consumerSecret found."

This error can be caused by other reasons too. You can determine the exact reason by putting some logs in the code to see whether the user is authorized, and the applicationName, subscriberName, tokenType, apiContext, accessToken and apiVersion are accurate.

Revoking access tokens

After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling Revoke API using a utility like cURL. The Revoke API's endpoint URL is http://localhost:8280/revoke.

...