---
swagger: "2.0"
info:
  title: Refresh Token
  description: The refresh token resource
  version: 1.0.0-rev1
  x-ibm-name: refresh-token
basePath: /api
schemes:
- https
x-ibm-configuration:
  enforced: true
  phase: realized
  testable: false
  externalDocs: []
  attachments: []
tags: []
definitions:
  RefreshTokenResponse:
    properties:
      token_type:
        type: string
        description: The token type
        example: bearer
      access_token:
        type: string
        description: This field should be passed as Authorization header in API request
          calls
        example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
      expires_in:
        type: number
        description: The access token expiry time (in seconds)
        example: 1800
      scope:
        type: string
        description: The list of scopes separated by space
        example: /dda/customer /dda/accountlist /dda/account /dda/accountsdetails
          /dda/account/transactions
      refresh_token:
        type: string
        description: The refresh token value
        example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
    required:
    - access_token
    - token_type
    - expires_in
    - scope
  ErrorResponse:
    properties:
      error:
        type: string
        enum:
        - invalid_request
        - unauthorized_client
        - access_denied
        - unsupported_response_type
        - invalid_scope
        - server_error
        - temporarily_unavailable
        description: If the request fails due to a missing, invalid, or mismatching
          redirection URI, or if the client identifier is missing or invalid, the
          authorization server SHOULD inform the resource owner of the error and MUST
          NOT automatically redirect the user-agent to the invalid redirection URI.
      error_description:
        type: string
        description: Human-readable ASCII [USASCII] text providing additional information,
          used to assist the client developer in understanding the error that occurred
      error_uri:
        type: string
        description: A URI identifying a human-readable web page with information
          about the error, used to provide the client developer with additional information
          about the error.
    required:
    - error
securityDefinitions:
  Client_Id:
    type: apiKey
    name: X-IBM-Client-Id
    in: header
    description: ""
  Client_Id (Query):
    type: apiKey
    name: client_id
    in: query
    description: ""
  Client_Secret:
    type: apiKey
    name: X-IBM-Client-Secret
    in: header
    description: ""
  Client_Secret (Query):
    type: apiKey
    name: client_secret
    in: query
    description: ""
paths:
  /password/oauth2/refresh:
    post:
      description: Endpoint for refreshing the access token issued for the grant type
        "Password"
      tags:
      - Authorization Code Grant – Refresh Token Endpoint
      summary: Refresh access token
      parameters:
      - description: 'HTTP Basic authentication by passing base64 encoded value of
          the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret)
          will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
        name: Authorization
        type: string
        required: true
        in: header
      - description: Content type. Value is application/x-www-form-urlencoded
        name: Content-Type
        type: string
        required: true
        in: header
      - schema: []
        description: ""
        name: body
        in: body
      responses:
        200:
          description: The request has succeeded
          schema:
            $ref: '#/definitions/RefreshTokenResponse'
        400:
          description: <table><tr><td>error</td></tr> <tr><td>invalid_request</td></tr>
            <tr><td>invalid_grant</td></tr> <tr><td>unsupported_grant_type</td></tr>
            <tr><td>unauthorized_client</td></tr></table>
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: <table><tr><td>error</td></tr><tr><td>invalid_client</td></tr>
            </table>
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: server_error
      security:
      - Client_Id (Query): []
        Client_Secret (Query): []
      - Client_Id: []
        Client_Secret (Query): []
      - Client_Id (Query): []
        Client_Secret: []
      - Client_Id: []
        Client_Secret: []
security:
- Client_Id (Query): []
  Client_Secret (Query): []
- Client_Id: []
  Client_Secret (Query): []
- Client_Id (Query): []
  Client_Secret: []
- Client_Id: []
  Client_Secret: []
x-ibm-endpoints:
- endpointUrl: https://aspac.sandbox.api.citi.com/gcbap
  description: Custom Gateway API Endpoint
  type:
  - production
  - development
...