Refresh a token

POST /jwt/refresh

Access tokens have a short lifespan of 5 minutes as they are irrevocable. Conversely, refresh tokens last for 30 days and can be revoked using the logout endpoint.

Therefore, the user's front-end should invoke this endpoint to obtain a new set of session tokens (both access and refresh) when the access token expires.

It's advisable to treat a token as expired under these conditions:

• An HTTP 401 Unauthorized error is received when using the token.

• The token's expiration date (exp field in the JWT) is approaching within a few seconds. Avoid relying on any other JWT fields apart from exp as they are subject to change and are not part of the API contract.

Note that this endpoint does not require authentication, so omit any authentication headers and only include your refresh_token in the request body.

Request

Responses

Tokens.

Refresh a token

/jwt/refresh

Request​

Responses​

Request

Responses