POST /api/v1/refresh-token

No authentication required.

Issues a new access token and rotates the refresh token. The previous refresh token is immediately invalidated. Use this endpoint before the access token expires (1 hour) to maintain a session without prompting the user to log in again.

The old refresh token becomes invalid as soon as this endpoint is called. Store the new refresh_token from the response.

Request body

refresh_token (string, required)
The current refresh token obtained from login or a previous refresh.

Response

Returns a full SessionResponse identical in structure to login.

token (string, required)
New JWT access token. Expires after 1 hour.

refresh_token (string, required)
New JWT refresh token. Expires after 30 days. The previous token is now invalid.

user (object, required)
The authenticated user.

current_organization (object, required)
The organization this session is scoped to.

organizations (OrganizationSummary[], required)
All organizations the caller is a member of. Same structure as current_organization.

Errors

Status    When
401       The refresh token is missing, expired, or invalid

Example

curl -X POST http://localhost:8080/api/v1/refresh-token \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": { "..." : "..." },
  "current_organization": { "..." : "..." },
  "organizations": []
}
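
Because each call invalidates the refresh token it was given, a client that refreshes from several threads has to serialize the call and store the new pair before any other caller reads it. The following Python example is added here and is not part of this API's own code: `Session`, `FakeServer`, the `post(path, body) -> (status, dict)` transport and the 60-second skew are assumptions, and the fake server is a constructed stand-in that mimics the rotation and 401 behaviour described above.

```python
import threading
import time

ACCESS_TTL = 3600   # from the page: the access token expires after 1 hour
SKEW = 60           # assumption: refresh 60 s before expiry

class RefreshRejected(Exception):
    """The endpoint answered 401: the user has to log in again."""

class Session:
    """Hypothetical client-side holder for the token pair."""
    def __init__(self, post, token, refresh_token, now=time.time):
        self._post = post      # assumed transport: post(path, body) -> (status, dict)
        self._now = now
        self._lock = threading.Lock()
        self._token, self._refresh = token, refresh_token
        self._expires_at = now() + ACCESS_TTL   # assumes the pair was just issued

    def access_token(self):
        # Single-flight: the lock ensures each refresh token is spent once,
        # so a concurrent caller never replays the token just invalidated.
        with self._lock:
            if self._now() >= self._expires_at - SKEW:
                self._rotate()
            return self._token

    def _rotate(self):
        status, body = self._post("/api/v1/refresh-token",
                                  {"refresh_token": self._refresh})
        if status == 401:
            self._token = self._refresh = None   # nothing held is usable now
            raise RefreshRejected("refresh token missing, expired, or invalid")
        if status != 200:
            raise RuntimeError(f"unexpected HTTP {status}")  # tokens kept as-is
        # Store the new pair together; the old refresh token is already dead.
        self._token, self._refresh = body["token"], body["refresh_token"]
        self._expires_at = self._now() + ACCESS_TTL

class FakeServer:
    """Constructed stand-in for the endpoint: rotates on use, 401 on reuse."""
    def __init__(self, first_refresh):
        self.valid, self.issued, self.calls = first_refresh, 0, 0

    def post(self, path, body):
        self.calls += 1
        if body.get("refresh_token") != self.valid:
            return 401, {}
        self.issued += 1
        self.valid = f"refresh-{self.issued}"
        return 200, {"token": f"access-{self.issued}", "refresh_token": self.valid}
```
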
