Endpoint

POST /api/auth/refresh
Generates a new access token and refresh token using the existing refresh token stored in cookies.

Request

This endpoint requires the refresh_token cookie to be sent with the request. No request body is needed.

Response

accessToken (string): New JWT access token for authenticating API requests

Success response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
The response also sets a new refresh_token cookie with the following properties:
  • HttpOnly: true (not accessible via JavaScript)
  • SameSite: Strict
  • Path: /api/auth
  • Max-Age: 30 days
  • Secure: false (should be true in production, so the cookie is only sent over HTTPS)
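
The following check is an added example, not part of this API's documentation or code: it audits a Set-Cookie header for refresh_token against the attributes listed above and reports a missing Secure flag when run in production mode. The function names and sample header values are constructed, and Max-Age is assumed to be sent in seconds, as the cookie specification defines it.

```python
# Added example: audit one Set-Cookie header for the refresh_token cookie
# against the attributes documented above. Names and samples are constructed.

EXPECTED_PATH = "/api/auth"
MAX_AGE_LIMIT = 30 * 24 * 60 * 60  # 30 days; Max-Age is expressed in seconds


def parse_set_cookie(header):
    """Return (name, value, attrs) with attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_refresh_cookie(header, production=True):
    """Return a list of findings; an empty list means the cookie matches."""
    name, _, attrs = parse_set_cookie(header)
    if name != "refresh_token":
        return ["not the refresh_token cookie"]
    findings = []
    if "httponly" not in attrs:
        findings.append("HttpOnly missing: token readable from JavaScript")
    if attrs.get("samesite", "").lower() != "strict":
        findings.append("SameSite is not Strict")
    if attrs.get("path") != EXPECTED_PATH:
        findings.append("Path is not /api/auth")
    max_age = attrs.get("max-age", "")
    if not max_age.isdigit() or int(max_age) > MAX_AGE_LIMIT:
        findings.append("Max-Age missing or longer than 30 days")
    if production and "secure" not in attrs:
        findings.append("Secure missing: cookie would be sent over plain HTTP")
    return findings


# Constructed sample headers (not captured from the real API).
DEV_HEADER = ("refresh_token=constructed-value; Max-Age=2592000; "
              "Path=/api/auth; HttpOnly; SameSite=Strict")
PROD_HEADER = DEV_HEADER + "; Secure"

if __name__ == "__main__":
    for label, header in (("dev", DEV_HEADER), ("prod", PROD_HEADER)):
        print(label, audit_refresh_cookie(header) or "ok")
```

Passing production=False accepts the documented development setting, where Secure is false.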

Error responses

400 Bad Request - Invalid or expired refresh token
{
  "error": "Invalid refresh token"
}
401 Unauthorized - Missing refresh token
{
  "error": "Refresh token is required"
}

Example request

curl -X POST https://api.brautcloud.com/api/auth/refresh \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -c cookies.txt
The -b cookies.txt flag sends the saved refresh token cookie, and -c cookies.txt saves the new refresh token.

Status codes

Code  Description
200   Token refreshed successfully
400   Invalid or expired refresh token
401   Missing refresh token
