> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fincode.technology/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh Token

> Obtain a new access token and refresh token using a valid refresh token.

Use a valid refresh token to obtain a new pair of JWT access and refresh tokens without requiring the user to re-authenticate with email and password. This is essential for maintaining a long-lived user session.

## Request Headers

<ParamField header="Content-Type" type="string" required default="application/json">
      Must be `application/json`
</ParamField>

<ParamField header="platform" type="string" required default="fincode">
      Platform identifier. Use `fincode`
</ParamField>

<ParamField header="uuid" type="string" required default="200">
      Unique request identifier. Use `200`
</ParamField>

## Request Body

<ParamField body="refresh_token" type="string" required>
  The refresh token obtained from the `/login` or previous
  `/refresh-token` response.
</ParamField>

## Code Examples

<CodeGroup>
  ```bash cURL theme={null}
  curl -X PUT "https://remitjunction.fincode.software/api/v6/services/securitymanagement/refresh-token" \
    -H "Content-Type: application/json" \
    -H "platform: fincode" \
    -H "uuid: 200" \
    -d '{
      "refresh_token": "YOUR_VALID_REFRESH_TOKEN_HERE"
    }'
  ```
</CodeGroup>

***

<AccordionGroup>
  <Accordion title="Invalid Refresh Token (401)" icon="circle-xmark">
    * Prompt the user to log in again using email and password.
    * Check the server logs to confirm token revocation status.
  </Accordion>

  <Accordion title="Token Already Used (403)" icon="rotate-right">
    * Treat as a security breach. Force the user to log in again.
    * Check if your system correctly overwrites the old refresh token with the new one.
  </Accordion>
</AccordionGroup>


## OpenAPI

````yaml PUT /securitymanagement/refresh-token
openapi: 3.0.0
info:
  title: FinCode API
  version: v6
servers:
  - url: https://{tenant}.fincode.software/api/v6/services
    description: API v6
    variables:
      tenant:
        default: remitjunction
        description: Enter your tenant subdomain
  - url: https://{tenant}.fincode.software/api/v1/services
    description: API v1
    variables:
      tenant:
        default: finlend
        description: Enter your tenant subdomain
  - url: https://api.stag.songhaiexchange.io
    description: Songhai Exchange API
security: []
paths:
  /securitymanagement/refresh-token:
    put:
      summary: Refresh Token
      description: Obtain new access token
      operationId: refreshToken
      parameters:
        - $ref: '#/components/parameters/platformHeader'
        - $ref: '#/components/parameters/uuidHeader'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                refresh_token:
                  type: string
              required:
                - refresh_token
      responses:
        '200':
          description: Token refreshed successfully
components:
  parameters:
    platformHeader:
      in: header
      name: platform
      schema:
        type: string
        default: fincode
      required: true
    uuidHeader:
      in: header
      name: uuid
      schema:
        type: string
        default: '200'
      required: true

````