This documentation is for WSO2 API Manager 1.5.0 View documentation for the latest release.
Page Comparison - Token APIs (v.44 vs v.45) - API Manager 1.5.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The REST message will grant the user a renewed user token.


NOTE: When a user token expires, the user cannot be authorized and the getConsumerSecret method of SignatureVerificationHandler throws a 401 user authentication/signature verification failure as "Failed to authenticate user, no consumerSecret found."

This error can be caused by other reasons too. You can determine the exact reason by putting some logs in the code to see whether the user is authorized, and the applicationName, subscriberName, tokenType, apiContext, accessToken and apiVersion are accurate.

Revoking access tokens

After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling Revoke API using a utility like cURL. The Revoke API's endpoint URL is http://localhost:8280/revoke.