⚠️ Archived Version: This documentation is for an outdated version. Please visit the latest version.

Refresh a token

POST /jwt/refresh

Access tokens have a short lifespan of 5 minutes as they are irrevocable. Conversely, refresh tokens last for 30 days and can be revoked using the logout endpoint.

Therefore, the user's front-end should invoke this endpoint to obtain a new set of session tokens (both access and refresh) when the access token expires.

It's advisable to treat a token as expired under these conditions:

• An HTTP 401 Unauthorized error is received when using the token.

• The token's expiration date (the exp field in the JWT) is only a few seconds away. Do not rely on any JWT field other than exp: the others are subject to change and are not part of the API contract.

Note that this endpoint does not require authentication, so omit any authentication headers and only include your refresh_token in the request body.
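The client-side flow described above, as an added example that is not part of the original documentation or of any Nabla SDK. BASE_URL, the JSON content type, the 10-second margin and every function name are assumptions made for illustration.

```javascript
// Added example; BASE_URL and the JSON content type are assumptions, not from the page.
const BASE_URL = "https://api.example.invalid";
const SKEW_SECONDS = 10; // "a few seconds" of margin before exp

// Read only the exp claim; every other JWT field is outside the API contract.
function readExp(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const exp = JSON.parse(atob(padded)).exp;
    return Number.isFinite(exp) ? exp : null;
  } catch { return null; }
}

// Treat the token as expired when exp is close, or when exp cannot be read.
function needsRefresh(accessToken, nowSeconds, skew = SKEW_SECONDS) {
  const exp = readExp(accessToken);
  return exp === null || exp - nowSeconds <= skew;
}

// The refresh call carries no Authorization header, only refresh_token in the body.
function buildRefreshRequest(refreshToken, baseUrl = BASE_URL) {
  return {
    url: baseUrl + "/jwt/refresh",
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refresh_token: refreshToken }),
    },
  };
}

// Exchange the refresh token and return BOTH new tokens; the caller must replace both.
async function refreshSession(refreshToken, fetchImpl = fetch) {
  const { url, init } = buildRefreshRequest(refreshToken);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error("refresh failed: HTTP " + res.status);
  const { access_token, refresh_token } = await res.json();
  return { accessToken: access_token, refreshToken: refresh_token };
}

// Constructed, unsigned sample token for local testing only.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "none" }) + "." + enc({ exp }) + ".sig";
}
```

Call needsRefresh before each request and again after any HTTP 401, and overwrite both stored tokens with the pair refreshSession returns.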

Request

Body (required)

    refresh_token  string  required

Responses

Schema
    access_token  jwt_token (string)  required

    A (typically) short-lived JWT token used to access authenticated resources, e.g. the Nabla User API.

    Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiYWNjZXNzIiwic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn0.v5qdy8w9Ygs5fdic9a1LuX76PUdx3omYd5GlDTAF3Ug
    refresh_token  jwt_token (string)  required

    A (typically) long-lived JWT token allowing you to "refresh" your access to resources (i.e. extend your session, returning a fresh access token and a new refresh token with a later expiration).

    Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiYWNjZXNzIiwic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn0.v5qdy8w9Ygs5fdic9a1LuX76PUdx3omYd5GlDTAF3Ug