POST /api/{serviceId}/auth/token/update
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.token.management.update({
    serviceId: "<id>",
    tokenUpdateRequest: {
      accessToken: "Z5a40U6dWvw2gMoCOAFbZcM85q4HC0Z--0YKD9-Nf6Q",
      scopes: [
        "history.read",
      ],
    },
  });

  console.log(result);
}

run();

{
  "resultCode": "A135001",
  "resultMessage": "[A135001] Updated the access token successfully.",
  "accessToken": "Z5a40U6dWvw2gMoCOAFbZcM85q4HC0Z--0YKD9-Nf6Q",
  "accessTokenExpiresAt": 1642048149000,
  "action": "OK",
  "scopes": [
    "history.read"
  ],
  "tokenType": "Bearer"
}

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

Body

accessToken
string

An access token.

accessTokenExpiresAt
integer<int64>

A new date at which the access token will expire, expressed in milliseconds since the Unix epoch (1970-01-01). If the accessTokenExpiresAt request parameter is not included in a request or its value is 0 (or negative), the expiration date of the access token is not changed.

scopes
string[]

A new set of scopes assigned to the access token. Scopes that are not supported by the service and those that the client application associated with the access token is not allowed to request are ignored on the server side. If the scopes request parameter is not included in a request or its value is null, the scopes of the access token are not changed. Note that the properties parameter is accepted only when the Content-Type of the request is application/json, so don't use application/x-www-form-urlencoded if you want to specify properties.

properties
object[]

A new set of properties assigned to the access token. If the properties request parameter is not included in a request or its value is null, the properties of the access token are not changed.

accessTokenExpiresAtUpdatedOnScopeUpdate
boolean

A boolean request parameter which indicates whether the API attempts to update the expiration date of the access token when the scopes linked to the access token are changed by this request.

accessTokenHash
string

The hash of the access token value. Used when the hash of the token is known (perhaps from lookup) but the value of the token itself is not. The value of the accessToken parameter takes precedence.

accessTokenValueUpdated
boolean

A boolean request parameter which indicates whether to update the value of the access token in the data store. If this parameter is set to true then a new access token value is generated by the server and returned in the response.

accessTokenPersistent
boolean

The flag which indicates whether the access token expires or not. By default, all access tokens expire after a period of time determined by their service. If this request parameter is true then the access token will not automatically expire and must be revoked or deleted manually at the service.

If this request parameter is true, the accessTokenExpiresAt request parameter is ignored. If this request parameter is false, the accessTokenExpiresAt request parameter is processed normally.

certificateThumbprint
string

The thumbprint of the MTLS certificate bound to this token. If this property is set, a certificate with the corresponding value MUST be presented with the access token when it is used by a client. The value of this property must be a SHA256 certificate thumbprint, base64url encoded.

dpopKeyThumbprint
string

The thumbprint of the public key used for DPoP presentation of this token. If this property is set, a DPoP proof signed with the corresponding private key MUST be presented with the access token when it is used by a client. Additionally, the token's token_type will be set to 'DPoP'.

authorizationDetails
object

The authorization details. This represents the value of the authorization_details request parameter in the preceding device authorization request which is defined in "OAuth 2.0 Rich Authorization Requests".

forExternalAttachment
boolean

The flag which indicates whether the access token is for an external attachment.

refreshTokenExpiresAt
integer<int64>

A new date at which the refresh token will expire, expressed in milliseconds since the Unix epoch (1970-01-01). If the refreshTokenExpiresAt request parameter is not included in a request or its value is 0 (or negative), the expiration date of the refresh token is not changed.

refreshTokenExpiresAtUpdatedOnScopeUpdate
boolean

A boolean request parameter which indicates whether the API attempts to update the expiration date of the refresh token when the scopes linked to the refresh token are changed by this request.

tokenId
string

The token identifier.
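
The parameter rules above can be checked before a request is sent. The following is an added example, not Authlete's code or part of its SDK: lintTokenUpdate and its finding codes are hypothetical names, and the unpadded 43-character thumbprint form and the seconds-versus-milliseconds cutoff are assumptions.

```typescript
// Added example: lint a token update body against the rules in the Body section.
// Field names are the page's; lintTokenUpdate and the finding codes are hypothetical.
interface TokenUpdateBody {
  accessToken?: string;
  accessTokenHash?: string;
  accessTokenExpiresAt?: number;
  accessTokenPersistent?: boolean;
  properties?: object[] | null;
  certificateThumbprint?: string;
}

// SHA-256 is 32 bytes, i.e. 43 base64url characters when unpadded (assumed, as in RFC 8705).
const SHA256_B64URL = /^[A-Za-z0-9_-]{43}$/;
// Epoch milliseconds below this fall before March 1973, so the value is
// almost surely seconds (heuristic assumed for this example).
const LIKELY_SECONDS = 100_000_000_000;

function lintTokenUpdate(body: TokenUpdateBody, contentType: string, nowMs: number): string[] {
  const findings: string[] = [];
  const exp = body.accessTokenExpiresAt ?? 0; // absent, 0 or negative: expiry unchanged
  // accessToken takes precedence, so a hash sent alongside it has no effect.
  if (body.accessToken && body.accessTokenHash) findings.push("HASH_IGNORED");
  if (body.accessTokenPersistent === true) {
    findings.push("NON_EXPIRING_TOKEN"); // must be revoked or deleted manually
    if (exp > 0) findings.push("EXPIRES_AT_IGNORED");
  } else if (exp > 0 && exp < LIKELY_SECONDS) {
    findings.push("EXPIRES_AT_IN_SECONDS"); // the API expects milliseconds
  } else if (exp > 0 && exp <= nowMs) {
    findings.push("EXPIRES_AT_IN_PAST");
  }
  // properties are accepted only when the request is application/json.
  if (body.properties != null && !contentType.toLowerCase().startsWith("application/json")) {
    findings.push("PROPERTIES_NEED_JSON");
  }
  if (body.certificateThumbprint !== undefined && !SHA256_B64URL.test(body.certificateThumbprint)) {
    findings.push("BAD_CERT_THUMBPRINT"); // e.g. hex or padded base64 instead of base64url
  }
  return findings;
}

// Constructed sample: expiry given in seconds, properties sent form-encoded, hex thumbprint.
const sampleFindings = lintTokenUpdate({
  accessToken: "constructed-token-value",
  accessTokenExpiresAt: 1642048149,
  properties: [{ key: "example", value: "constructed" }],
  certificateThumbprint: "ab".repeat(32),
}, "application/x-www-form-urlencoded", 1642000000000);
console.log(sampleFindings);
```

NON_EXPIRING_TOKEN is the finding worth routing to review rather than only logging, since such a token stays valid until it is revoked or deleted manually.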

Response

Token updated successfully

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.

action
enum<string>

The next action that the authorization server implementation should take.

Available options: INTERNAL_SERVER_ERROR, BAD_REQUEST, FORBIDDEN, NOT_FOUND, OK

accessToken
string

The access token which has been specified by the request.

accessTokenExpiresAt
integer<int64>

The date at which the access token will expire.

properties
object[]

The extra properties associated with the access token.

scopes
string[]

The scopes associated with the access token.

authorizationDetails
object

The authorization details. This represents the value of the authorization_details request parameter in the preceding device authorization request which is defined in "OAuth 2.0 Rich Authorization Requests".

tokenType
string

The token type associated with the access token.

forExternalAttachment
boolean

The flag which indicates whether the access token is for an external attachment.

tokenId
string

The unique token identifier.

refreshTokenExpiresAt
integer<int64>

The datetime at which the newly issued refresh token will expire. The value is represented in milliseconds since the Unix epoch (1970-01-01).