Skip to content

Exchange session_token for id_token API

Calling this API will refresh the id_token. If automatic refresh of session_token is configured in the console, this API will also refresh the session_token.

Request Description

Request Headers

Parameter NameNameRequiredTypeDescription
X-operating-sys-versionCaller OS versionYesStringwindows10.1.1
X-device-fingerprintCaller device fingerprintYesString156aysdna213sc50
X-device-ipCaller IPNoString192.168.1.2
X-agentUser-Agent infoYesStringMozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15(KHTML, like Gecko) Mobile/15E148/HuaWei-AnyOffice/2.6.1802.0010/com.huawei.cloudlink.workplace
X-LUsed for internationalization language settingNoStringzh
X-client-idApplication authorization IDYesStringnTo1eRIub60vPb54WeE6aojPwYwImtl4
X-session-tokenSession credentialYesStringeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWJqZWN

Request Parameters

None

Response Example

Success Example

HTTP/1.1 200 OK

json
{
    "session_token":"nRUxqRE5TSlQwd3NBIiwiaW",
    "expire": 604800,
    "id_token": "eyJraWQiOiI0NjJhYjY0OTM0Zjk0ZTRmOGE4MjU2Mzc4YzgyMTVlMiIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwczovL21oLmlkYWFzLXRlc3QtYWxwaGEuYmNjYXN0bGUuY29tL2FwaS92MS9vYXV0aDIiLCJhdWQiOiJwT0p1YVhHSmRqNFZzTzZmaVFRaUpia3JxSXFIMTZqNiIsInN1YiI6ImFkbWluIiwiZXhwIjoxNjQ2ODgzNzc5LCJqdGkiOiJaa1hnZ3FCZzZnRUxqRE5TSlQwd3NBIiwiaWF0IjoxNjQ2ODc2NTc5LCJuYmYiOjE2NDY4NzY0NTksImlkIjoiMjAyMjAxMjYxNDE1MDc5MjAtQzlCNy0xMjRGMzVCNEQiLCJuYW1lIjoiYWRtaW4xMSIsInVzZXJOYW1lIjoiYWRtaW4iLCJtb2JpbGUiOiIrODYtMTgyNzE5NDkwNTUiLCJlbWFpbCI6ImFhc2RAcXEuY29tIn0.Jz3pZhvpVQDKXyPaeDYar4jKNi9m3liXqgM4qHb8pWVbi0D8OpgYFYCX-LzSqEfU6ex_ix9_nctHXsPt-4wdhX75eMrQXZFCO4mwGpsdKQBAqSkKJ6Vv53j_Ptr6Lu87dVDPX9SqL3yv3KpNP6hfn74ShQVE23BXfm12-KAY8otJUdeL2OS3v0N7xdjgaYeIAXf7LhrMEo1tNCRCY8uuCKjC280yIKtrRSC86oB5hEW-QFTjtt938TV4cpb1x6zO99SSwR_SnJE1w069wHREjAhMw4Q2uo7CXqPojn5oUrIvlE8GuXwoYFFQand4IgNPMk-EnPT4NLVJ8oEoRsydhg"
}

Error Example

HTTP/1.1 400 Bad Request

json
{
    "error_code": "SDK.COMMON.1001",
    "error_msg": "Parameter X-client-id cannot be blank"
}
{
    "error_code": "SDK.COMMON.1006",
    "error_msg": "session_token parameter error"
}
{
    "error_code": "SDK.COMMON.1005",
    "error_msg":"LgTZcmcTAJZnqylkzlTjubV24iI8a1jF1 has expired"
}

Response Parameters

Parameter NameNameTypeDescription
expiresession_token validity periodNumberValidity period of session_token; within the validity period, you can use session_token to obtain id_token
session_tokenUser session_tokenStringUser session_token; you can use this token to call the IDaaS API to obtain id_token
id_tokenShort-term valid API call credentialStringThis field is a JWT that stores user information and the application's scope information, which needs to be obtained after signature verification; valid for 2 hours by default and supports configuration

BambooCloud IDaaS Open Platform