How to Use AAC's New OAuth 2.0 Refresh Tokens for the AAC API
Access Token: Used to make API requests; valid for 5 minutes.
Refresh Token: Used to get a new access token; its lifespan is set when generated (1–365 days).
When refreshing a token, you receive new access and refresh tokens, and the old refresh token becomes invalid.
Starting in Alteryx Analytics Cloud, go to User Preferences. On the left-side panel, select OAuth 2.0 API Tokens.
Select Generate.
Name your token, and set the Lifetime for anywhere between 1 and 365 days.
Save the resulting API Access Token and API Refresh Token in a credential store or secure place of your choosing. If you lose these tokens you will have to restart this process. Do not share these tokens – they are secret and unique.
These details are required to refresh your tokens.
Get the Client ID and Token Endpoint URL from the OAuth2.0 API Tokens page.
These are located right below the Generate Button in AAC. Example:
Construct the Refresh Endpoint URL
Append /token to the “Token Endpoint URL” value to get the refresh endpoint (if it does not already include /token:
Choose a method (Postman, Curl, or Python):
PostmanCreate a new project, and switch the method from GET to POST.
Set the URL to https://pingauth.alteryxcloud.com/as/token.
In the Body tab, select x-www-form-urlencoded with these fields:
grant_type: refresh_token
refresh_token: Paste your current refresh token.
client_id: Paste your client ID.
It should look something like this:
Click Send. The response contains new tokens. Save these in a credential store or secure place of your choosing. If you lose these tokens you will have to restart this process. Do not share these tokens – they are secret and unique.
Pro Tip: I like to save this Postman request for when I want to refresh my tokens (to come later).
Curl
Run a command similar to this:
curl --location 'https://pingauth.alteryxcloud.com/as/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<REFRESH_TOKEN>' \
--data-urlencode 'client_id=<CLIENT_ID>'
Python
Use this script as a base:
import urllib.parse
import urllib.request
REFRESH_URL = "https://pingauth.alteryxcloud.com/as/token"
OAUTH_CLIENT_ID = "<your_client_id>"
REFRESH_TOKEN = "<your_refresh_token>"
def refresh_tokens(refresh_token):
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
body = {
"grant_type": "refresh_token",
"refresh_token": refresh_token,
"client_id": OAUTH_CLIENT_ID
}
# URL encode the body for the refresh request
encoded_body = urllib.parse.urlencode(body).encode()
# Make the refresh request
request = urllib.request.Request(REFRESH_URL, data=encoded_body, method='POST')
with urllib.request.urlopen(request) as response:
return json.load(response)
new_tokens = refresh_tokens(REFRESH_TOKEN)
print("New Access Token:", new_tokens['access_token'])
print("New Refresh Token:", new_tokens['refresh_token'])
Important Notes
Refresh Token Rotation: A new refresh token is issued each time you refresh tokens. Always replace your old tokens with the new ones.
Security: Store tokens securely and avoid exposing them.
How to use the access token you just generated to make an API call
Once you have your new access token and refresh token, you’ll use the access token to make API calls. Here’s how to proceed:
Refresh Token Use
The refresh token is NOT used for direct API calls.
Save it securely for later to refresh your tokens when the current access token expires.
Steps to Make an API Call Using the New Access Token Using Postman
Create a New Request:
Open Postman and select New
Set the HTTP method (e.g., GET, POST) and enter the full API URL.
Add Authorization:
Go to the Authorization tab.
From the Auth Type dropdown, select Bearer Token.
Paste your new access token into the field.
Depending on the API, there may be other required Headers.
Add a Request Body (if required):
Go to the Body tab and include the necessary payload in raw or form-data format.
Send the Request:
Click the Send button.
If the token is valid and the request is correct, you’ll get a response.
Using Curl
You can also use curl in the terminal to make an API call. Here's an example:
curl --location --request GET 'https://api.us1.alteryxcloud.com/iam/v1/workspaces/current' \
--header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>'
Replace <YOUR_ACCESS_TOKEN> with the actual token.
Using Python
If you're scripting, you can use Python to call the API:
import urllib.request
import json
# API endpoint
API_URL = "https://api.us1.alteryxcloud.com/iam/v1/workspaces/current"
# New access token
ACCESS_TOKEN = "<YOUR_ACCESS_TOKEN>"
# Headers
headers = {
"Authorization": f"Bearer {ACCESS_TOKEN}",
"Content-Type": "application/json"
}
# Make the GET request
request = urllib.request.Request(API_URL, headers=headers)
with urllib.request.urlopen(request) as response:
print(json.load(response))
Handling Expired Tokens
If you receive a 401 Unauthorized error, your access token may have expired.
Use your refresh token to obtain a new access token and try the request again.
