Added
VTEX ID API: New endpoints for token renewal
March, 14
We've introduced two new endpoints to the VTEX ID API to allow merchants to securely renew API tokens: PATCH Initiate token renewal and PATCH Complete token renewal. This two-step renewal process ensures better security while maintaining service continuity.
What has changed?
Previously, the new API keys experience only allowed token renewal via the Admin interface. Now, there are two API endpoints dedicated to renewing tokens:
| Endpoint | Description |
|---|---|
PATCH Initiate token renewal | Starts the API token renewal process by generating a new token while keeping the current token active. This ensures a smooth transition without service disruption. The previous token and the new token are both valid until the renewal process is completed by making a request to PATCH Complete token renewal. |
PATCH Complete token renewal | Finishes the API token renewal process, which deactivates the old token. After this step, the old token can no longer be used, ensuring security by enforcing a controlled rotation. |
Any user or application key must have the Renew API Token License Manager resource to be able to successfully run these requests. Otherwise, they will get a status code 403 error.