Refresh a token
POST /jwt/refresh
Access tokens have a short lifespan of 5 minutes as they are irrevocable. Conversely, refresh tokens last for 30 days and can be revoked using the logout endpoint.
Therefore, the user's front-end should invoke this endpoint to obtain a new set of session tokens (both access and refresh) when the access token expires.
It's advisable to treat a token as expired under these conditions:
• An HTTP 401 Unauthorized error is received when using the token.
• The token's expiration date (exp field in the JWT) is approaching within a few seconds.
Avoid relying on any other JWT fields apart from exp as they are subject to change and are not part of the API contract.
Note that this endpoint does not require authentication, so omit any authentication headers and only include your refresh_token in the request body.
Request
- application/json
Body (required)
Responses
- 200: Tokens.
- application/json
Schema
- access_token: A (typically) short-lived JWT token used to access authenticated resources, e.g. the Nabla User API.
- refresh_token: A (typically) long-lived JWT token allowing you to "refresh" your access to resources (i.e. extend your session, returning a fresh access token and a new refresh token with a later expiration).
Example (from schema)
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiYWNjZXNzIiwic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn0.v5qdy8w9Ygs5fdic9a1LuX76PUdx3omYd5GlDTAF3Ug",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiYWNjZXNzIiwic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn0.v5qdy8w9Ygs5fdic9a1LuX76PUdx3omYd5GlDTAF3Ug"
}
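The client-side flow described above (refresh on a near `exp` or on HTTP 401, then swap in both new tokens), as an added example that is not part of the original documentation. The names `createSession`, `tokenExp` and `isExpired`, the 10-second margin, and the `Authorization: Bearer` header on API calls are assumptions.

```javascript
// Added example: client-side handling of the refresh flow (not the API vendor's code).
const SKEW_SECONDS = 10; // assumed value for "within a few seconds"

// Read only `exp` (seconds since epoch); other JWT fields are not part of the contract.
function tokenExp(jwt) {
  try {
    const seg = jwt.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    const exp = JSON.parse(atob(seg + '='.repeat((4 - (seg.length % 4)) % 4))).exp;
    return typeof exp === 'number' ? exp : null;
  } catch {
    return null;
  }
}

// A token whose `exp` cannot be read is not treated as expired here; the 401 path covers it.
function isExpired(jwt, nowMs = Date.now()) {
  const exp = tokenExp(jwt);
  return exp !== null && exp - nowMs / 1000 <= SKEW_SECONDS;
}

function createSession(baseUrl, tokens, fetchImpl = fetch) {
  let inFlight = null; // shared by concurrent callers so only one refresh is sent

  function refresh() {
    if (!inFlight) {
      inFlight = fetchImpl(`${baseUrl}/jwt/refresh`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' }, // no authentication header
        body: JSON.stringify({ refresh_token: tokens.refresh_token }),
      }).then(async (res) => {
        if (!res.ok) throw new Error(`refresh failed: HTTP ${res.status}`);
        tokens = await res.json(); // replace BOTH tokens with the new pair
      }).finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  async function request(path, init = {}) {
    if (isExpired(tokens.access_token)) await refresh();
    const send = () => fetchImpl(`${baseUrl}${path}`, {
      ...init, // Assumption: bearer scheme on API calls.
      headers: { ...init.headers, Authorization: `Bearer ${tokens.access_token}` },
    });
    let res = await send();
    if (res.status === 401) { await refresh(); res = await send(); } // retry once
    return res;
  }
  return { request, refresh, current: () => tokens };
}
```

A `refresh failed` error means the refresh token was not accepted (for example after 30 days or a logout), so the caller should send the user back through sign-in.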