MENU
      Renew Token Set

        Renew Token Set


        Article summary

        Available in Classic and VPC

        Recreate a token set (access token and refresh token).

        Caution
        • Recreating a token set does not automatically discard existing token sets.
        • The token possesses all the permissions of the key held by the user who requested its creation.
        • Token generators do not manage the tokens they generate, so they can't be destroyed individually. Therefore, it is crucial to take extra precautions to prevent token leakage.

        Request

        This section describes the request format. The method and URI are as follows:

        MethodURI
        PUT/keys/{keyTag}/token-set

        Request headers

        For information about the headers common to all Key Management Service APIs, see Key Management Service request headers.

        Request path parameters

        You can use the following path parameters with your request:

        FieldTypeRequiredDescription
        keyTagStringRequiredKey tag
        • Unique identifier for the key derived from the key name
        • Check through Get key list
        • Use to request encryption or decryption with REST APIs
        • Key tags are not treated as confidential information

        Request body

        You can include the following data in the body of your request:

        FieldTypeRequiredDescription
        accessTokenHoursInteger or StringOptionalAccess token validity time (hour)
        • 1-17520 (default: 72)
        • UL: Enter for unlimited
        refreshTokenHoursInteger/StringOptionalRefresh token validity time (hour)
        • 1-17520 (default: 2160)
        • UL: Enter for unlimited

        Request example

        The request example is as follows:

        curl --location --request PUT 'https://ocapi.ncloud.com/kms/v1/keys/a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6/token-set' \
        --header 'x-ncp-ocapi-token: {Refresh Token}' \
        --data '{
          "accessTokenHours": 72,
          "refreshTokenHours": 2160
        }'
        Shell

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        FieldTypeRequiredDescription
        codeString-Success or Failure
        dataObject-Response result
        data.refreshTokenString-The Jason Web Token (JWT) type refresh token recreated
        data.accessTokenString-The Jason Web Token (JWT) type access token recreated

        Response status codes

        For response status codes common to all Key Management Service APIs, see Key Management Service response status codes.

        Response example

        The response example is as follows:

        {
          "code": "SUCCESS",
          "data": {
            "refreshToken": "{JWT_REFRESH_TOKEN}",
            "accessToken": "{JWT_ACCESS_TOKEN}"
          }
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.