Generates a new access token using a valid refresh token. Use this endpoint when the access token expires to maintain user sessions without requiring re-authentication.
Request Body
refreshToken (string, required): The refresh token obtained from the login endpoint.
Response
accessToken (string): New JWT access token for authenticating API requests.
Error Responses
400 Bad Request
Returned when:
- Refresh token is missing
- Refresh token is not a string
401 Unauthorized
Returned when:
- Refresh token has expired (TokenExpiredError)
- Refresh token is invalid or malformed (JsonWebTokenError)
- Refresh token is not yet valid (NotBeforeError)
- Token verification fails for other reasons
500 Internal Server Error
Returned when:
- Access token generation fails
Example Request
curl -X POST https://api.tresacontafy.com/api/auth/refresh \
-H "Content-Type: application/json" \
-d '{
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}'
Example Response
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Error Response Examples
Expired Token
{
"error": "Refresh token expirado",
"message": "Tu sesión ha expirado. Por favor inicia sesión nuevamente."
}
Invalid Token
{
"error": "Refresh token inválido",
"message": "El token de renovación no es válido. Por favor inicia sesión nuevamente."
}
When a refresh token expires or is invalid, the user must log in again to obtain new tokens. The client should redirect to the login page in these cases.
Token Lifecycle
- User logs in and receives both access and refresh tokens
- Client uses access token for API requests
- When access token expires, client uses refresh token to get a new access token
- Client continues using the new access token
- When refresh token expires, user must log in again
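Client-side handling of this lifecycle, as an added example that is not part of the API's own code. It assumes a hypothetical fetch-like `transport(path, options)` that resolves to `{ status, body }`, and it assumes API requests send the access token as an `Authorization: Bearer` header and answer 401 once it has expired; neither detail is stated on this page.

```javascript
// Added example. SessionClient and transport are hypothetical names.
class SessionClient {
  constructor(transport, tokens) {
    this.transport = transport;   // (path, { headers, body }) -> Promise<{ status, body }>
    this.tokens = { ...tokens };  // { accessToken, refreshToken }
    this.refreshing = null;       // shared promise so only one refresh is in flight
  }

  // POST /api/auth/refresh and interpret the documented status codes.
  async refresh() {
    if (this.refreshing) return this.refreshing;
    this.refreshing = (async () => {
      const res = await this.transport('/api/auth/refresh', {
        body: { refreshToken: this.tokens.refreshToken },
      });
      if (res.status === 200 && typeof res.body.accessToken === 'string') {
        this.tokens.accessToken = res.body.accessToken;
        return 'refreshed';
      }
      if (res.status === 401) {
        // Expired, invalid or not-yet-valid refresh token: discard both tokens.
        this.tokens = { accessToken: null, refreshToken: null };
        return 'login_required';
      }
      // 400 (bad request body) or 500 (server fault): keep tokens, do not loop.
      return 'error';
    })();
    try { return await this.refreshing; } finally { this.refreshing = null; }
  }

  // Send an API request; on 401 refresh once and retry once, never more.
  // outcome 'ok' means the session is usable; res.status carries the API result.
  async request(path) {
    const call = () => this.transport(path, {
      headers: { Authorization: `Bearer ${this.tokens.accessToken}` }, // assumed scheme
    });
    let res = await call();
    if (res.status !== 401) return { outcome: 'ok', res };
    const outcome = await this.refresh();
    if (outcome !== 'refreshed') return { outcome, res };
    res = await call();
    return { outcome: res.status === 401 ? 'login_required' : 'ok', res };
  }
}
```

An outcome of `login_required` is the point at which the client redirects to the login page; concurrent requests that hit an expired access token share a single refresh call.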