Skip to main content

POST /token/refresh

Generates a new EUID token by sending the corresponding unexpired refresh token, returned by the POST /token/generate endpoint.

Used by: This endpoint is used mainly by publishers.

You can call this endpoint from the client side (for example, a browser or a mobile app) because it does not require using an API key.

note

Rather than calling this endpoint directly, you could use one of the EUID SDKs to manage it for you. For a summary of options, see SDKs: Summary.

Request Format

POST '{environment}/v2/token/refresh'

Add the content of the refresh_token value, returned in the response from the previous POST /token/generate or POST /token/refresh operation, as the POST body.

Here's what you need to know about this endpoint:

  • No encryption is required for requests to the POST /token/refresh endpoint.
  • If the request is successful, with an HTTP status code of 200, a new EUID token or opt-out information is returned.
  • Successful responses, whether the response includes a new token or opt-out information, are encrypted. Error responses are not encrypted.
  • To decrypt responses, use the most recent refresh_response_key value for this token. The refresh_response_key value is returned in the response to the POST /token/generate and POST /token/refresh operations. Each time a token is refreshed, a new refresh_response_key is returned. Be sure to use the most recent one to decrypt the current response.

Path Parameters

Path ParameterData TypeAttributeDescription
{environment}stringRequiredTesting (integration) environment: https://integ.euid.eu
Production environment: https://prod.euid.eu
For a full list, including regional operators, see Environments.
Notes:
  • The integ environment and the prod environment require different API keys.
  • Token expiration time is subject to change, but is always significantly shorter in the integ environment than it is in the prod environment.

Testing Notes

Using either of the following parameters in a POST /token/generate request always generates an identity response with a refresh_token that results in a logout response when used with the POST /token/refresh endpoint:

  • The refresh-optout@example.com email address
  • The +00000000002 phone number

Request Example

For details, and code examples in different programming languages, see Encrypting Requests and Decrypting Responses.

Decrypted JSON Response Format

A decrypted successful response includes a new EUID token (advertising_token) and associated values for the user, or indicates that the user has opted out.

note

The response is encrypted only if the HTTP status code is 200. Otherwise, the response is not encrypted.

This section includes the following sample responses:

Successful Response With Tokens

If all values are valid and the user has not opted out, the response is successful and a new EUID token is returned, with associated values. The following example shows a decrypted successful response with tokens:

{
"body": {
"advertising_token": "E4AAAABl85Pd1yKbznQL58Q_09bAJtGbGl2e-JCLPLGUSsz7ao6iR11QySi-kLtJ7suJAn3lK474gJvOLVK0_BZe8FABStV44hHWoFt9IfWVj35PIWQJ8VoJzrmHhh6YyQDtQ3q_t0ZJL9OjB8cXa94dMDhlGzi3j5K4o9cH3X1OYgJFQDat4L2cj7HMptpWUO9dheldwpVhgfAlLdEw9D3xtA",
"identity_expires": 1724998239163,
"refresh_expires": 1725081039163,
"refresh_from": 1724995539163,
"refresh_response_key": "JZcp6vMDhuMUPAA03QnsW74MhNn4Ng37XRCNChyeX2k=",
"refresh_token": "EAAAAGb41t8MrmTpHpDWYi67K8ok7qo87IQwan5Ghz4CGPz3pYXCoS/bAEygLYa0tjMPw6v1q2UsjQQ7SURA6tq7VvTdROOkxJ6YcNiaCeCpINoZYT5xzsPp9VgkkWT0HkxLYdMUt3M7KMJ+gziJQZGsoMeEYTMR3yEO5w+A7N1uW71Q7PWyTJaRab7F0hUdmwHwN9ZdDj/+Ky/qzf8YBGPzSWvpN7Ry9gT6EQxVZSZIj6PSzFxvSPVt48i59VpJ6zvOL4MKCAtiAFZ92DUeKfGYZ3XptcbO2srOFaAgeJm2hiSOKWPxYfhCBPZa2yYbKRc+UFNO7L+UnxlL+VRU1GTZm3zncDpXlif1lqmfXuza+KMXQmPzuhzxljn0nkUBa8OC"
},
"status": "success"
}

Successful Response With Opt-Out

If the user has opted out, the response is successful but a new EUID token is not returned. The following example shows a decrypted opt-out response:

{
"status": "optout"
}

Error Response

An error response might look like the following:

{
"status": "client_error",
"message": "Client Error"
}

Response Body Properties

The response body includes the properties shown in the following table.

PropertyData TypeDescription
advertising_tokenstringThe EUID token (also known as advertising token) for the user.
refresh_tokenstringAn encrypted token that can be exchanged with the EUID Service for the latest set of identity tokens.
identity_expiresnumberThe Unix timestamp (in milliseconds) that indicates when the EUID token expires.
refresh_fromnumberThe Unix timestamp (in milliseconds) that indicates when the SDK for JavaScript (see SDK for JavaScript Reference Guide) will start refreshing the EUID token, if the SDK is in use.
TIP: If you are not using the SDK, consider refreshing the EUID token from this timestamp, too.
refresh_expiresnumberThe Unix timestamp (in milliseconds) that indicates when the refresh token expires.
refresh_response_keystringA key to be used in a new POST /token/refresh request for response decryption.

Response Status Codes

The following table lists the status property values and their HTTP status code equivalents.

StatusHTTP Status CodeDescription
success200The request was successful and a new EUID token, with associated values, is returned in the response. The response is encrypted.
optout200The user opted out. This status is returned only for authorized requests. The response is encrypted.
client_error400The request had missing or invalid parameters.
invalid_token400The refresh_token value specified in the request was invalid. This status is returned only for authorized requests.
expired_token400The refresh_token value specified in the request was an expired token.
unauthorized401The request did not include a bearer token, included an invalid bearer token, or included a bearer token unauthorized to perform the requested operation.

If the status value is anything other than success or optout, the message field provides additional information about the issue.