Skip to Content
SegurançaRenovar Token

Renovação

A renovação do token deve ser utilizada quando for necessário manter o usuário logado mesmo após a expiração do access_token.

Para renovar o token, precisa apenas informar o usuário utilizado no login. A API de Segurança irá validar os dados de acesso do usuário, e caso seja da mesma origem, um novo access_token será gerado sem a necessidade de informar a senha.

Por exemplo:

  • Usuário: teste@gmail.com

Montando a requisição

Método da requisição

POST

Endereço da requisição

Desenvolvimento:

https://apidsv.unimedbh.io/security/v1/refresh

Homologação:

https://apihml.unimedbh.io/security/v1/refresh

Produção:

https://api.unimedbh.io/security/v1/refresh

Cabeçalho da requisição

{
    "Content-Type": "application/json"
}

Corpo da requisição

{
  "username": "teste@gmail.com"
}

Respostas da requisição

200 - Sucesso

{
    "uid": "teste@gmail.com",
    "name": "MARGARIDA",
    "fullName": "MARGARIDA RAMOS DE PAULA",
    "email": "teste@gmail.com",
    "cpf": "52253155691",
    "birthday": "26/06/1936",
    "personId": 3181886,
    "token": "AQIC5wM2LY4SfcyS8UGjl8mQEGH-Y0q0RXBoezMxrDFWiak.*AAJTSQACMDIAAlNLABMtMzQwMzYxMDcxMjM1MTg2OTI3AAJTMQACMDE.*",
    "cookies": [
        "amlbcookiehx=cluster_openam.unisrv1192; Domain=.unimedbh.com.br; Path=/",
        "amlbcookiehx=cluster_openam.unisrv1192; Domain=.unimedbh.io; Path=/",
        "unibhAT=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDgyMDgsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6IjU4MTY3ZTY5LTQyOWItNGEyYi1iYTFjLWExNjI4OWIxOTZiMCIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.e3InzRkZ01ClrZZbJ4PJcF7GbcJ5umGhE4eYr5UL4C5rEkbBUAPA36Fcqw09Ynkg_hipuyT9XCCMcZua3ILNOb-qKhh0gP8V5-rDoetJVFZBEgHoZq5sy13pWcnwxT2ggS9Ddyky7_Rl5L9_yNHUtnCyreZ4X7m3O3VJbT9cSd3l93ZkpXp6jCNGwy3RK6fX8-k3Nr0ycENj6VqETZTZ_98R7w0EAvI3T7PGcqmVs4YDEStpd0zLhmJYU3JELhv7q6cDlc9Og2RMjHZq7q5LRp4lJerHS7XKHKyO-L-s4n544h7ec_UTobFnJHedg5wumatF06IPOtNMrRzvsTLkNw;domain=unimedbh.com.br;path=/"
    ],
    "roles": [],
    "fullRoles": [],
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDgyMDgsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6IjU4MTY3ZTY5LTQyOWItNGEyYi1iYTFjLWExNjI4OWIxOTZiMCIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.e3InzRkZ01ClrZZbJ4PJcF7GbcJ5umGhE4eYr5UL4C5rEkbBUAPA36Fcqw09Ynkg_hipuyT9XCCMcZua3ILNOb-qKhh0gP8V5-rDoetJVFZBEgHoZq5sy13pWcnwxT2ggS9Ddyky7_Rl5L9_yNHUtnCyreZ4X7m3O3VJbT9cSd3l93ZkpXp6jCNGwy3RK6fX8-k3Nr0ycENj6VqETZTZ_98R7w0EAvI3T7PGcqmVs4YDEStpd0zLhmJYU3JELhv7q6cDlc9Og2RMjHZq7q5LRp4lJerHS7XKHKyO-L-s4n544h7ec_UTobFnJHedg5wumatF06IPOtNMrRzvsTLkNw",
    "expires_in": "3599"
}

Caso passe na validação de segurança, serão retornados dois novos tokens:

  • token - Controlado pelo OpenAM
  • access_token - Controlado pela API de Segurança

400 - Dados Inválidos

{
    "date": "19/12/2023 16:51:42",
    "message": "O campo 'username' é obrigatório.",
    "details": []
}

401 - Não autorizado

{
    "date": "19/12/2023 16:29:32",
    "message": "Unauthorized!",
    "details": []
}

403 - Acesso negado

{
    "date": "19/12/2023 16:29:32",
    "message": "Forbidden!",
    "details": []
}

Exemplos da requisição

HTTP

POST /security/v1/refresh HTTP/1.1
Host: apihml.unimedbh.io
Content-Type: application/json
Content-Length: 61

{
  "username": "teste@gmail.com"
}

cURL

curl --location 'https://apihml.unimedbh.io/security/v1/refresh' \
--header 'Content-Type: application/json' \
--data-raw '{
  "username": "teste@gmail.com"
}'

JavaScript

const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
 
const raw = JSON.stringify({
  "username": "teste@gmail.com"
});
 
const requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};
 
fetch("https://apihml.unimedbh.io/security/v1/refresh", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

Node.js

const axios = require('axios');
const data = JSON.stringify({
  "username": "teste@gmail.com"
});
 
const config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'https://apihml.unimedbh.io/security/v1/refresh',
  headers: { 
    'Content-Type': 'application/json'
  },
  data : data
};
 
axios.request(config)
  .then((response) => {
    console.log(JSON.stringify(response.data));
  })
  .catch((error) => {
    console.log(error);
  });

PHP

<?php
 
$curl = curl_init();
 
curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://apihml.unimedbh.io/security/v1/refresh',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS =>'{
  "username": "teste@gmail.com"
}',
  CURLOPT_HTTPHEADER => array(
    'Content-Type: application/json'
  ),
));
 
$response = curl_exec($curl);
 
curl_close($curl);
echo $response;

Java

Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("https://apihml.unimedbh.io/security/v1/refresh")
  .header("Content-Type", "application/json")
  .body("{\"username\": \"teste@gmail.com\"}")
  .asString();

C#

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://apihml.unimedbh.io/security/v1/refresh");
var content = new StringContent("{\"username\": \"teste@gmail.com\"}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
Last updated on
Validar TokenLogout/Revogar Token