Skip to main content
PUT
/
securitymanagement
/
refresh-token
Refresh Token
curl --request PUT \
  --url https://{tenant}.fincode.software/api/v6/services/securitymanagement/refresh-token \
  --header 'Content-Type: application/json' \
  --header 'platform: <platform>' \
  --header 'uuid: <uuid>' \
  --data '
{
  "refresh_token": "<string>"
}
'
Use a valid refresh token to obtain a new pair of JWT access and refresh tokens without requiring the user to re-authenticate with email and password. This is essential for maintaining a long-lived user session.

Request Headers

Content-Type
string
default:"application/json"
required
    Must be application/json
platform
string
default:"fincode"
required
    Platform identifier. Use fincode
uuid
string
default:"200"
required
    Unique request identifier. Use 200

Request Body

refresh_token
string
required
The refresh token obtained from the /login or previous /refresh-token response.

Code Examples

curl -X PUT "https://remitjunction.fincode.software/api/v6/services/securitymanagement/refresh-token" \
  -H "Content-Type: application/json" \
  -H "platform: fincode" \
  -H "uuid: 200" \
  -d '{
    "refresh_token": "YOUR_VALID_REFRESH_TOKEN_HERE"
  }'

  • Prompt the user to log in again using email and password.
  • Check the server logs to confirm token revocation status.
  • Treat as a security breach. Force the user to log in again.
  • Check if your system correctly overwrites the old refresh token with the new one.

Headers

platform
string
default:fincode
required
uuid
string
default:200
required

Body

application/json
refresh_token
string
required

Response

200

Token refreshed successfully