How to find the age or validity of an access_ or refresh_token

  • 26 January 2023
  • 2 replies

Badge +1

I’m looking for how to find the age or time left on a token. 

I can call with the access_token in the header as a Bearer token. Works great, tells me it’s "type" : "oAuthToken" and other info, but it doesn’t tell me how long I might have left on it. 

I’d also like to know whether a given token is a refresh token, but when I use the same pattern as above with the refresh_token in the header as a Bearer token, it doesn’t work. I get that it shouldn’t because refresh!=access, but is there any way to get more info about a refresh token? 

The other option is to always refresh and not care how much time is left, but that feels excessive. 

While you’re here, can anyone tell me the difference between the /oauth-token and /oauth/token paths?

Thanks all!


2 replies

Userlevel 6
Badge +4

Hey @Bill Gallagher,

Good questions. At the moment, the closest endpoint we have for getting details along this line is the Get Token Context endpoint:

But unfortunately this doesn’t provide the details of the token’s expiration time. The recommended method for handling this would be to store the timestamp for your access_token on receipt of calling `

Alternatively, you could add a step to check for an error response due to invalid token, and then initiate new token via refresh_token before retrying your request.

As for the paths, /oauth-token is only used for getting the token context. The oauth endpoint used to create or refresh tokens will always use /oauth/token. It’s a good point, though — this naming convention could be more consistent—thank you for pointing it out.

Let me know if it helps to clarify,

Badge +1

Thanks, @Will Bishop, I suspected that I’d have to keep track of expiration, which is fine. The oauth-token vs. oauth/token felt like a typo at first, but good to know the distinction.