How can I use a refresh token to prevent being timed out after an hour with an access token?
The LUSID access token generated by your identity provider (the default being Okta) expires after 1 hour. If you aren't already familiar with the authentication process see getting started with the LUSID APIs and SDKs.
Instead of going through the entire authentication flow every 1 hour when the token expires, you can use a refresh token to generate a new access token. To ensure that you receive a refresh token with your original authentication request, make sure you include "offline_access" in the scope parameter. You can see an example below:
This will return the LUSID access token as well as a refresh token.
To use the refresh token to generate a new access token you can make a POST request to the same URL as the initial authentication with a grant type of refresh_token and provide the refresh token in the body.
The main difference between this request and the initial request is that instead of sending your client id, client secret, username and password along with your request, you will instead need to send the client id and client secret in the authorization header using basic authentication.
You can see an example of using your refresh token to generate a new access token below:
This request will return a new access token.