API Reference

[Sub] Token exchange response

This topic is used by the cloud to send a access token and refresh token to the device after successful authentication of a different device.

Request Topic and Payload

Topic

things5-production/v1/devices/<device-id>/req/token_exchange_res

Payload Representation

{
  "access_token": {access_token},
  "expires_in": 3600,
  "refresh_expires_in": 1800,
  "refresh_token": {refresh_token},
  "token_type": "Bearer",
  "id_token": {id_token},
  "not-before-policy": 0,
  "session_state": {UUID},
  "scope": "openid profile email"
}

The cloud will publish a message to this topic after the mobile device has successfully scanned the QR code and the session has been authenticated.

Payload Parameters

typedescriptionexample
access_tokenJWT token that the device will use for authenticating HTTPS requests.eyJhbGciOiASU-...
refresh_tokenJWT token that the device will use to keep the session active.eyJhbGciOiASU-...

Example response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJWSk1CenoxVi1SSFN0SWwzbDJqcVd2WVl2NUZtbjJCSW5ySldwX2UzVzN3In0.eyJleHAiOjE3MDkyMzcyMjMsImlhdCI6MTcwOTIwMTMxNCwianRpIjoiYmUxMGUzMGYtODNlMC00NjY4LTgwYzAtZDRiYmNjOGM2OTA2IiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay52aXN1cC5tZS9hdXRoL3JlYWxtcy90aGluZ3M1LXN0YWdpbmciLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiYTkzNTNhNjEtN2JjZS00MWYyLWE1MzctMGJmYjE1OTc4ZjU4IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYXBpIiwic2Vzc2lvbl9zdGF0ZSI6IjMwMjMzMGJhLTg0N2EtNGNmZC05NDllLTNkZjA5ZGUwOWVkNyIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRoaW5nczUtc3RhZ2luZyIsIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIiwic2lkIjoiMzAyMzMwYmEtODQ3YS00Y2ZkLTk0OWUtM2RmMDlkZTA5ZWQ3IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJBbmRyZWEgR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYW5kcmVhQHZpc3VwLml0IiwiZ2l2ZW5fbmFtZSI6IkFuZHJlYSIsImZhbWlseV9uYW1lIjoiR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwiZW1haWwiOiJhbmRyZWFAdmlzdXAuaXQifQ.MRLjWLW4Voi2N3n5y4CKAdw26gZDhBp0dW7cXrBSBbzVu6mLvW63Yg8ogiw7UMO3-B0afyrREo9SGeWJUryzE8BEKGAnuA_3kfZsaV_s6UrGuGX_Q-FCmNAdN1CBT8AvnbbryQlp0nfILaIHi4_ThGnsMq5I_JH6HStseePXPdZeEpuBW6R7mhs4eihI05rjAnUR8AxesHrHK1zjjqBloJdsdEWqinzvpQ8gtEtd116zpgtT6wNyzQh44FMiCQNfXoXDZuvuwpjHOdbF9QCvd_ZJ-Dg9zKZymBz-tY0J4KRP6BD_C9r3eXTv96PzgphcX_Jnf_FnBN53czUx5FE9HQ",
  "expires_in": 35909,
  "refresh_expires_in": 1800,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2N2NjZjRkMS1jOGZmLTQ2OTYtODk0Zi1hNzhjZGUxOTdiNjAifQ.eyJleHAiOjE3MDkyMDMxMTQsImlhdCI6MTcwOTIwMTMxNCwianRpIjoiM2Y5ZDBjNjgtZjUxNy00NjI0LTgyMzEtNjBmNDY2ZTZlNDRiIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay52aXN1cC5tZS9hdXRoL3JlYWxtcy90aGluZ3M1LXN0YWdpbmciLCJhdWQiOiJodHRwczovL2tleWNsb2FrLnZpc3VwLm1lL2F1dGgvcmVhbG1zL3RoaW5nczUtc3RhZ2luZyIsInN1YiI6ImE5MzUzYTYxLTdiY2UtNDFmMi1hNTM3LTBiZmIxNTk3OGY1OCIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJhcGkiLCJzZXNzaW9uX3N0YXRlIjoiMzAyMzMwYmEtODQ3YS00Y2ZkLTk0OWUtM2RmMDlkZTA5ZWQ3Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInNpZCI6IjMwMjMzMGJhLTg0N2EtNGNmZC05NDllLTNkZjA5ZGUwOWVkNyJ9.bguGHmvt9xRcAiCWyDDziuGuM0Kft8q7OMD-U6fMSo8",
  "token_type": "Bearer",
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJWSk1CenoxVi1SSFN0SWwzbDJqcVd2WVl2NUZtbjJCSW5ySldwX2UzVzN3In0.eyJleHAiOjE3MDkyMzcyMjMsImlhdCI6MTcwOTIwMTMxNCwiYXV0aF90aW1lIjowLCJqdGkiOiJkY2RmMWI0NC1iZDkyLTQ4YjYtYTRjNS1jODA5OTg0YTk0MGQiLCJpc3MiOiJodHRwczovL2tleWNsb2FrLnZpc3VwLm1lL2F1dGgvcmVhbG1zL3RoaW5nczUtc3RhZ2luZyIsImF1ZCI6ImFwaSIsInN1YiI6ImE5MzUzYTYxLTdiY2UtNDFmMi1hNTM3LTBiZmIxNTk3OGY1OCIsInR5cCI6IklEIiwiYXpwIjoiYXBpIiwic2Vzc2lvbl9zdGF0ZSI6IjMwMjMzMGJhLTg0N2EtNGNmZC05NDllLTNkZjA5ZGUwOWVkNyIsImF0X2hhc2giOiJYYlQwODdiUXlla3JNQW8zX0owY3RBIiwic2lkIjoiMzAyMzMwYmEtODQ3YS00Y2ZkLTk0OWUtM2RmMDlkZTA5ZWQ3IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJBbmRyZWEgR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYW5kcmVhQHZpc3VwLml0IiwiZ2l2ZW5fbmFtZSI6IkFuZHJlYSIsImZhbWlseV9uYW1lIjoiR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwiZW1haWwiOiJhbmRyZWFAdmlzdXAuaXQifQ.NM1A9j5lNKN_jbJcpY2onumY4nARBHNbnAUI8A7WU-GvdRbUiquzLhfYDUDunH87DrEIfepqAROWN9ukcwBX9OD8bnttWr4LPrUbjtV8tfpMLBlvpY_OkvenY1hBLiOitDaKK5mvkdT1iuxS1Fv1EJinRaUYriTi1W0bp4Cx4EHCpiICjp8fQQnasiD_3y0Wq7Me9xIx0asnbtytIXbCZMrbIF750FE3EEGedm4y2vd2cB8OhObtlV5xnKJXJFhKYRsBZisfUuU-NDkx3yvR-BvS8ahHBo2d9grJLX2iU-4I_YH0frUMub8UssqF2qU34oxV2gfrrX9h_JCeIdqU2g",
  "not-before-policy": 0,
  "session_state": {UUID},
  "scope": "openid profile email"
}

  • The access_token should be included in the Authorization header of all future HTTP requests made by the device.
  • Ensure to handle token expiration, send your refresh_token to refresh token to keep your session active.