Refresh a token

POST /jwt/refresh

Access tokens have a short lifespan of 5 minutes as they are irrevocable. Conversely, refresh tokens last for 30 days and can be revoked using the logout endpoint.

Therefore, the user's front-end should invoke this endpoint to obtain a new set of session tokens (both access and refresh) when the access token expires.

It's advisable to treat a token as expired under these conditions:

• An HTTP 401 Unauthorized error is received when using the token.

• The token's expiration date (exp field in the JWT) is approaching within a few seconds. Avoid relying on any other JWT fields apart from exp as they are subject to change and are not part of the API contract.

Note that this endpoint does not require authentication, so omit any authentication headers and only include your refresh_token in the request body.

Request

application/json

Body

required

refresh_token stringrequired

Responses

Tokens.

application/json

Schema
Example (from schema)

Schema

access_token jwt_tokenrequired

A (typically) short-lived JWT token used to access authenticated resources, e.g. the Nabla User API.

refresh_token jwt_tokenrequired

A (typically) long-lived JWT token allowing you to "refresh" your access to resources (i.e. extend your session, returning a fresh access token and a new refresh token with a later expiration).

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiYWNjZXNzIiwic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn0.v5qdy8w9Ygs5fdic9a1LuX76PUdx3omYd5GlDTAF3Ug",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiYWNjZXNzIiwic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn0.v5qdy8w9Ygs5fdic9a1LuX76PUdx3omYd5GlDTAF3Ug"
}

Refresh a token

/jwt/refresh

Request​

Body

Responses​

Request

Responses