POST /api/login/renewToken

Updates the time for which an authentication token cookie is valid, as well as other information stored in the cookie.

The cookie expiration time is stored as part of the cookie value itself, in the HTTP header. This operation updates the expiration time by sending a new cookie value to the server.

There must be a valid cookie in place for this operation to succeed; if the cookie has already expired the operation will fail.

Authorization Roles/Permissions: Must be logged in.

This topic includes the following sections:

HTTP Method
URL
Sample Request
Request Headers
Request Parameters

Response
Sample Response
Response Headers
Response Body
Error Codes/Messages

HTTP Method

POST

URL

https://{hostname}/api/login/renewToken

Sample Request

The example below shows a POST /api/login/renewToken request.

Sample request URL

https://{hostname}/api/login/renewToken

Sample request headers

In the sample request headers below, line breaks have been added to the cookie value for display purposes, and the X-Csrf-Token_{fedmemberID} header has been abbreviated.

POST /api/login/renewToken HTTP/1.1
Host: acmepaymentscorp.apiportal.akana.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Cookie: AtmoAuthToken_acmepaymentscorp=TokenID%3D588ed75a-5371-40c6-9ff8-1b1c53f076af%2Cclaimed_id%3Durn%3Aatmosphere
%3Auser%3Aacmepaymentscorp%3A8697a0a0-2c6f-4bee-a501-c0819b649791%2CissueTime%3D1613688594281%2CexpirationTime%3D1613
690454263%2CUserName%3D111579592339630049469%2CUserFDN%3D8697a0a0-2c6f-4bee-a501-c0819b649791%252Eacmepaymentscorp%2C
AttributesIncluded%3Dfalse%2Csig%3DEqIom326DbF6uykOXC0VHpbSj9TZu8hPfOU0PS50lmugtcGqfRokV6rkE8zWrMmYODMDte27UZ
xYHMqsZt4-39Y_-Za6y5MjmEX2Y0DXzo2XBh1EHYHUMVt-C8XB9QUy7n_oVBUkFvrbuSUIWINcqTLMwxRztLYYp09d1Z2vFvs
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Content-Type	application/x-www-form-urlencoded
Cookie	AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID}	The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

None. However, the cookie parameter in the request header is important since there must be a valid cookie in place for this operation to work. The request must include a valid token that has not expired.

If your programming environment records the cookie and sends it automatically with your requests, there's nothing else you'll need to do. If it doesn't, you'll need to capture the cookie after login and send it as an HTTP request header for each request.

Response

If successful, the renewToken method returns an updated user authentication token.

Sample Response

The sample response below shows a new cookie returned.

Sample response headers

In the sample response headers below, the Set-Cookie value has been abbreviated for display purposes.

HTTP/1.1 200 OK
Content-Type: application/json
Date: Tue, 16 Feb 2021 21:30:23 GMT
Set-Cookie: AtmoAuthToken_acmepaymentscorp=TokenID%3D553bed71-6e51-437c-bddf-90b2cffdb0a0%2Cclaimed_id%3Durn%3Aatmosphere%3Auser%3Aacmepaymentscorp%3Af1ee ... ymUBMkqmp9doQ;path=/;HttpOnly;Secure;expires=Tue, 16 Feb 2021 22:01:23 GMT

Sample response body

{
  "userName" : "JenMeadows",
  "userFDN" : "f1ee5aaa-e58e-4bc7-989e-490ccd854904.acmepaymentscorp",
  "avatarURL" : "https://acmepaymentscorp.apiportal.akana.com:443/api/users/f1ee5aaa-e58e-4bc7-989e-490ccd854904.acmepaymentscorp/avatars/7057fa39-e78d-4055-bbb0-3afa21532f51.png",
  "pendingNotifications" : 0,
  "status" : "success",
  "loginDomainID" : "siteusers.acmepaymentscorp",
  "lastLoginDate" : "2021-02-16T21:09:15Z",
  "sessionValidUntil" : "2021-02-16T23:18:00.056Z",
  "authTokenValidUntil" : "2021-02-16T22:00:23.996Z"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Set-Cookie	The set-cookie response header sets, updates, or expires the platform cookie to reflect changes made by the operation.

Response Body

Name	Type	Description
LoginResponse	LoginResponse	Contains information returned as a result of logging in. When renewing the token, the LoginResponse object includes the following: user name, FDN, and avatarURL pendingNotifications and status loginDomainID and lastLoginDate sessionValidUntil/authTokenValidUntil, indicating how long the session will be valid if active/inactive. See example above.

Name

Type

Description

LoginResponse

Contains information returned as a result of logging in.

When renewing the token, the LoginResponse object includes the following:

user name, FDN, and avatarURL
pendingNotifications and status
loginDomainID and lastLoginDate
sessionValidUntil/authTokenValidUntil, indicating how long the session will be valid if active/inactive.

See example above.