Refresh Token
Exchange a valid refresh token for a new access token and a rotated refresh token. The token can be supplied via HttpOnly cookie or as refresh_token in the request body. Reuse of an already-consumed token immediately revokes the entire token family.
POSThttps://api.marinahealth.eu/auth/refresh
Request Body
Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| refresh_token | string | optional | Refresh token. If omitted, the token is read from the HttpOnly cookie. |
Example Request
cURL
curl -X POST https://api.marinahealth.eu/auth/refresh \
-b cookies.txt \
-c cookies.txtResponse
Successful
| Field | Type | Description |
|---|---|---|
| access_token | string | New JWT access token. |
| refresh_token | string | New rotated refresh token. Also set as an HttpOnly cookie. |
| token_type | string | Always "Bearer". |
| expires_in | number | Access token lifetime in seconds. |
json
{
"access_token": "eyJhbGciOiJIUzI1NiJ9...",
"refresh_token": "new_opaque_refresh_token",
"token_type": "Bearer",
"expires_in": 900
}