Refresh Token API

This endpoint allows a client to obtain a new access token by presenting its refresh token once the original access token has expired.

Token Refresh Flow

The token refresh process follows these steps:

  1. Client detects that the access token has expired
  2. Client submits a request with their refresh token
  3. Server validates the refresh token
  4. If valid, server issues a new access token (and optionally a new refresh token)
  5. Client updates stored tokens

Request Example

{
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "deviceId": "device-unique-identifier"
}

Response Example

{
  "status": "success",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600,
    "tokenType": "Bearer"
  }
}

Error Codes

Code  Description
401   Invalid refresh token
403   Refresh token expired or revoked

Security Considerations

  • Refresh tokens should have a longer lifetime than access tokens
  • Consider implementing refresh token rotation for enhanced security
  • Store refresh tokens securely (HttpOnly cookies or secure storage)
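The flow above and the rotation recommendation, as an added server-side example that is not part of this API's own code: it validates the refresh token against an assumed in-memory store, binds it to the submitted deviceId, rotates it on every use, and revokes the whole token family if a rotated token is presented again. The access token is an opaque random string standing in for the signed JWT the responses show, and the error codes match the table above.

```python
import secrets
import time


def _error(code, message):
    return {"status": "error", "code": code, "message": message}


class RefreshTokenStore:
    """Constructed in-memory store; a real service would back this with a database."""

    def __init__(self, refresh_ttl=30 * 24 * 3600, access_ttl=3600):
        self.refresh_ttl = refresh_ttl      # refresh tokens outlive access tokens
        self.access_ttl = access_ttl
        self.tokens = {}                    # refresh token -> record
        self.revoked_families = set()

    def issue_refresh(self, user, device_id, family=None, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "device": device_id, "used": False,
                              "expires": now + self.refresh_ttl,
                              "family": family or secrets.token_hex(8)}
        return token

    def refresh(self, refresh_token, device_id, now=None):
        now = time.time() if now is None else now
        rec = self.tokens.get(refresh_token)
        if rec is None:                                  # unknown token
            return _error(401, "Invalid refresh token")
        if rec["family"] in self.revoked_families:       # chain already revoked
            return _error(403, "Refresh token expired or revoked")
        if rec["used"]:                                  # rotated token replayed
            self.revoked_families.add(rec["family"])     # treat the chain as leaked
            return _error(403, "Refresh token expired or revoked")
        if rec["device"] != device_id:                   # not bound to this device
            return _error(401, "Invalid refresh token")
        if now >= rec["expires"]:
            return _error(403, "Refresh token expired or revoked")
        # Rotation: retire the presented token and issue a successor in the same family.
        rec["used"] = True
        new_refresh = self.issue_refresh(rec["user"], device_id, rec["family"], now)
        access = secrets.token_urlsafe(32)               # stand-in for a signed JWT
        return {"status": "success",
                "data": {"accessToken": access, "refreshToken": new_refresh,
                         "expiresIn": self.access_ttl, "tokenType": "Bearer"}}
```

Revoking the family on replay means a legitimate client whose token was stolen is forced to log in again, which is the intended signal that something went wrong.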