Refresh Token
POST /v1/auth/refresh-token
Exchanges a valid refresh token for a new access token. The refresh token itself remains the same.
No Authorization Required
This endpoint does not require a Bearer token. It uses the refresh token from the request body.
Headers
| Header | Required | Value |
|---|---|---|
Content-Type | Yes | application/json |
X-Target-Server | Yes | authentication |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
refresh_token | string | Yes | The refresh token obtained from the authenticate endpoint |
{
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Response
200 OK
Returns a new access token with the same refresh token.
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_at": "2025-01-01T02:00:00Z",
"created_at": "2025-01-01T01:00:00Z"
}
| Field | Type | Description |
|---|---|---|
token | string | New JWT access token (valid for 1 hour) |
refresh_token | string | Same refresh token (valid for 24 hours from original creation) |
expires_at | string (ISO 8601) | New access token expiration time |
created_at | string (ISO 8601) | New token creation time |
400 Bad Request
Refresh token is missing or malformed.
{
"code": 0,
"domain": 0,
"message": "refresh_token is required"
}
401 Unauthorized
Refresh token is expired, invalid, or revoked.
{
"code": 0,
"domain": 0,
"message": "invalid or expired refresh token"
}
500 Internal Server Error
{
"code": 0,
"domain": 0,
"message": "internal server error"
}