POST /api/auth/refresh

Refreshes the user’s session by exchanging a valid refresh token for a new access token and refresh token pair.

Authentication

No authentication required (uses refresh token in request body).

Request Body

refresh_token (string, required): The refresh token obtained from the login endpoint

Response Fields

access_token (string): New JWT access token for API authentication
refresh_token (string): New JWT refresh token for future token refreshes
expires_at (number): Unix timestamp when the new access token expires
expires_in (number): Number of seconds until the new access token expires (default: 3600)

Example Request

curl -X POST https://api.example.com/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

Example Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": 1709568000,
  "expires_in": 3600
}

Error Responses

400 Bad Request

Missing refresh token:
{
  "error": "Refresh token es requerido"
}

401 Unauthorized

Invalid or expired refresh token:
{
  "error": "Refresh token inválido o expirado"
}

500 Internal Server Error

{
  "error": "Error en el servidor"
}

The refresh token endpoint returns both a new access token and a new refresh token. Always use the latest refresh token for subsequent refresh requests.

Refresh tokens have a longer expiration time than access tokens. If the refresh token is expired, the user will need to log in again.
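
A client-side sketch of the rotation rule above, added here as an illustration and not taken from the API's own code or SDK. The names Session, ReauthRequired, http_post and the 60-second skew are assumptions; the URL is the placeholder host from the example request.

```python
import json
import time
import urllib.error
import urllib.request

REFRESH_URL = "https://api.example.com/api/auth/refresh"  # placeholder host from the page

class ReauthRequired(Exception):
    """The refresh token was rejected (401); the user has to log in again."""

def http_post(url, payload):
    """Default transport (hypothetical helper): POST JSON, return (status, body)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # error bodies are JSON: {"error": "..."}

class Session:
    """Holds the current token pair and rotates it through the refresh endpoint."""
    def __init__(self, access_token, refresh_token, expires_at, post=http_post, skew=60):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.expires_at = expires_at  # Unix timestamp, as in the response field
        self._post, self._skew = post, skew

    def token(self, now=None):
        """Return an access token, refreshing when it expires within `skew` seconds."""
        now = time.time() if now is None else now
        if now >= self.expires_at - self._skew:
            self._refresh()
        return self.access_token

    def _refresh(self):
        status, body = self._post(REFRESH_URL, {"refresh_token": self.refresh_token})
        if status == 401:
            # Invalid or expired refresh token: discard both tokens, force a new login.
            self.access_token = self.refresh_token = None
            raise ReauthRequired(body.get("error"))
        if status != 200:
            raise RuntimeError(f"refresh failed: HTTP {status}")  # never log token values
        # Rotation: replace the whole pair at once so the old refresh token is never reused.
        self.access_token = body["access_token"]
        self.refresh_token = body["refresh_token"]
        self.expires_at = body["expires_at"]
```

Passing a different `post` callable lets the rotation logic be exercised without network access.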