HomeGuidesAPI Reference
GuidesAPI ReferenceGitHubAirheads Developer CommunityLog In

Obtaining Access Token

Access Token is a string that identifies an user, app, or web page and is used by the API client app to access an API. The access token provides a temporary and secure access to the APIs. Access Token is required to securely make an API Request to Aruba Central API Gateway.

New access token can be generated in two ways,

  • Using API Gateway in Web UI
  • Using OAuth protocol via REST API (covered in the next section OAuth Authentication)



An Access Token expires in 2 hours. Instead of generating a new token, the expired token can be refreshed via an API call. More information on refreshing token available in the next section "OAuth Authentication"

Obtain Access Token via Web UI

New access token will be generated upon creating an application in the API Gateway as described in the previous section (Creating Application & Token).

Multiple access tokens can be created for an app. To add more access token to an app or generate a new access token, follow the steps similar to creating the API client application.

  • Click on + Add Apps & Token button
  • Enter the existing application name and choose application type from the drop down box.
  • When existing application name is used, new access token will be generated and populated in the Token List table

The generated access token can be found in the Token List table under My Apps & Tokens (System Apps & Tokens, if admin user) under API Gateway Page.


Token List Table showing all the Tokens that was generated, including the expired ones.

Click the Download Token button to view the generated token. The Access Token will contain the the following details in JSON format.

  • access_token: Contains access token value to be used in API requests
  • refresh_token: Contains a refresh token string. Using this value in Refresh Token API, the existing access token can be refreshed to a value, instead of creating a new access token.
  "access_token": "xxxx", 
  "appname": "xxx", 
  "authenticated_userid": "[email protected]", 
  "created_at": 1582847137105, 
  "credential_id": "xxxx", 
  "expires_in": 7200, 
  "id": "xxxx", 
  "refresh_token": "xxxx", 
  "scope": "all", 
  "token_type": "bearer"



An access token can also be revoked by an admin user by clicking on the Revoke Token button. In this case, one cannot use refresh token to regain access. To obtain access again, new token needs to be created.

What’s Next

Try out an API using API Swagger Documentation using the access token OR Head to OAuth Authentication section to learn about the creating access token via OAuth protocol.