Retrieval of a refresh token

When you want to retrieve a bearer token to perform any operation on a schema, you must have a refresh token. You can retrieve the refresh token from any external application by using the POST method.


The following prerequisites must be met to retrieve the refresh token:
  • You must have logged in to HCL OneTest Server.
  • You must have the JSession identification number or the Cross-Site Request Forgery (XSRF) token.
    Note: You can retrieve both the JSession identification number or the XSRF token from the cookies of the browser.

REST API request

To retrieve the information about the refresh token, you must use the request with the following attributes:

Request attributes Request parameters
HTTP method POST
Endpoint https://{OneTest_Server}/onetest-data/rest/tokens


Request body Null

Response code

You can view the following response after you run the request:

HTTP response code Response example
"access_token": "xxxxxx", 
"expires_in": 300, 
"id_token": null, 
"not-before-policy": 0, 
"refresh_expires_in": 0, 
"refresh_token": "xxxxx", 
"scope": "testserver email offline_access profile", 
"session_state": "f0b7a186-0514-4a7f-abd7-4e635048e8d7", 
"token_type": "bearer" 
401(Invalid Jsession Id/XSRF Token)
    "code": 401 

Example of the cURL command

You can also use the following cURL command to retrieve the details of a bearer token:

curl -X POST "" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -H "JSESSIONID: XXXX"