POST /api/auth/refresh
Refresh Token
curl --request POST \
  --url https://api.example.com/api/auth/refresh \
  --header 'Content-Type: application/json' \
  --data '
{
  "refreshToken": "<string>"
}
'
{
  "accessToken": "<string>",
  "error": "<string>",
  "message": "<string>"
}
Issues a new access token in exchange for a valid refresh token, replacing one that has expired. This lets users keep their session without logging in again.

Authentication

No Authorization header is required. The refresh token in the request body is the credential for this call.

Request Body

refreshToken (string, required)
Valid refresh token obtained from the login endpoint.

Response

accessToken (string)
New JWT access token for authenticating API requests. Include this in the Authorization header as Bearer {accessToken}.

Example Request

curl -X POST https://api.contafy.com/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

Example Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJ1c3JfMWEyYjNjNGQ1ZTZmN2c4aCIsImlhdCI6MTcwNTMyMDAwMCwiZXhwIjoxNzA1MzIzNjAwfQ..."
}

Error Responses

error (string)
Error type identifier.

message (string)
Human-readable error message.

Common Errors

401 Unauthorized
{
  "error": "INVALID_TOKEN",
  "message": "El refresh token es inválido o ha expirado"
}
400 Bad Request
{
  "error": "VALIDATION_ERROR",
  "message": "Refresh token es requerido"
}

Notes

  • Access tokens typically expire after 1 hour
  • Refresh tokens typically expire after 7 days
  • When a refresh token expires, the user must log in again
  • Store refresh tokens securely and never expose them in client-side code
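
Client-side handling of the refresh flow and error codes documented above, as an added example that is not part of the original documentation or the API's own code. The Session class, the post(path, body) transport, fake_jwt and fake_server are hypothetical names, and HTTP 200 as the success status is an assumption; the sample tokens are constructed.

```python
import base64, json, time

REFRESH_PATH = "/api/auth/refresh"  # endpoint documented on this page

class ReLoginRequired(Exception):
    """The refresh token was rejected; the user has to log in again."""

def jwt_exp(token):
    """Read `exp` from a JWT payload WITHOUT verifying it (scheduling only)."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))["exp"]

class Session:
    """Hypothetical token holder; `post(path, body)` returns (status, dict)."""
    def __init__(self, post, access, refresh, skew=60):
        self._post, self._access, self._refresh, self._skew = post, access, refresh, skew

    def access_token(self, now=None):
        now = time.time() if now is None else now
        if jwt_exp(self._access) - self._skew <= now:  # expired or about to expire
            self._renew()
        return self._access

    def _renew(self):
        if self._refresh is None:
            raise ReLoginRequired("no refresh token held")
        status, body = self._post(REFRESH_PATH, {"refreshToken": self._refresh})
        if status == 200 and isinstance(body.get("accessToken"), str):  # 200 is assumed
            self._access = body["accessToken"]
        elif status == 401 and body.get("error") == "INVALID_TOKEN":
            self._refresh = None  # dead credential: drop it and do not retry
            raise ReLoginRequired(body.get("message", ""))
        else:  # e.g. 400 VALIDATION_ERROR, which indicates a client bug
            raise RuntimeError(f"refresh failed: {status} {body.get('error')}")

def fake_jwt(exp):
    """Constructed sample token with a placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "HS256", "typ": "JWT"})}.{enc({"exp": exp})}.sig'

def fake_server(valid_refresh, lifetime=3600, clock=lambda: 1705320000):
    """Constructed stand-in for the API, returning the responses shown on this page."""
    def post(path, body):
        if not body.get("refreshToken"):
            return 400, {"error": "VALIDATION_ERROR", "message": "Refresh token es requerido"}
        if body["refreshToken"] != valid_refresh:
            return 401, {"error": "INVALID_TOKEN", "message": "El refresh token es inválido o ha expirado"}
        return 200, {"accessToken": fake_jwt(clock() + lifetime)}
    return post
```

The exp claim is read here only to decide when to refresh; the server remains the authority on whether a token is valid.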