Refresh Token
Authentication
Refresh Token
Obtain a new access token and refresh token using a valid refresh token.
PUT
Refresh Token
Use a valid refresh token to obtain a new pair of JWT access and refresh tokens without requiring the user to re-authenticate with email and password. This is essential for maintaining a long-lived user session.
Request Headers
Must be
application/json Platform identifier. Use
fincode Unique request identifier. Use
200Request Body
The refresh token obtained from the
/login or previous
/refresh-token response.Code Examples
Invalid Refresh Token (401)
Invalid Refresh Token (401)
- Prompt the user to log in again using email and password.
- Check the server logs to confirm token revocation status.
Token Already Used (403)
Token Already Used (403)
- Treat as a security breach. Force the user to log in again.
- Check if your system correctly overwrites the old refresh token with the new one.
