Refresh access token

POST

/auth/refresh

Production

Exchanges a valid refresh token for a new access and refresh token pair. Rate limited: 30 requests per minute per IP.

Request Body^required

object

refreshToken

required

The refresh token obtained from /auth/verify or a previous /auth/refresh call

string

>= 1 characters <= 130 characters

Responses

200

Tokens refreshed successfully

object

accessToken

required

New JWT access token

string

refreshToken

required

New refresh token (previous one is invalidated)

string

401

Token expired or invalid

object

error

required

Short error description

string

message

required

Human-readable error message

string

code

required

Machine-readable error code

string

Examples

Token expired

{
  "error": "Token expired",
  "message": "The refresh token has expired",
  "code": "TOKEN_EXPIRED"
}

Token invalid

{
  "error": "Token invalid",
  "message": "The refresh token is invalid",
  "code": "TOKEN_INVALID"
}

429

Rate limit exceeded

object

error

required

Short error description

string

message

required

Human-readable error message

string

code

required

Machine-readable error code

string

Refresh access token

Request Body required

Responses

200

401

Examples

429

Request Body^required