Refresh OAuth access token
🔓 PUBLIC ENDPOINT: Exchanges a refresh token for a new access token and refresh token pair. The old refresh token is automatically revoked. Rate limit: 20 requests per minute.
POST
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| refreshToken | string | Yes | Refresh token from token generation |
Example Request
Example Response
Token Rotation
When you refresh a token:
- Old refresh token is immediately revoked
- New access token and refresh token are issued
- Use the new refresh token for future refreshes
- Old refresh token cannot be reused
Best Practices
- Refresh tokens before they expire
- Store new refresh tokens securely
- Handle token refresh errors gracefully
- Implement automatic token refresh in your client
Common Errors
400 Bad Request
Invalid request. Refresh token is required.
401 Unauthorized
Invalid or expired refresh token. The refresh token may have been used already or has expired.
429 Too Many Requests
Rate limit exceeded. Maximum 20 requests per minute for token refresh.
Body
application/json
Refresh token obtained from token generation
Example:
"rt_abc123xyz..."
Response
Token refreshed successfully. Returns new access_token, refresh_token, token_type (Bearer), expiration time, and scopes.
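A client-side sketch of the Token Rotation, Best Practices and Common Errors sections above, added here as an example and not taken from this API's own documentation or SDK. `TokenManager`, `ReauthRequired`, `fake_endpoint`, the injected `post(json_dict) -> (status, json_dict)` transport and the `expires_in` field name are assumptions; the real endpoint URL is not shown on this page, so a constructed stand-in is used.

```python
import threading
import time

class ReauthRequired(Exception):
    """Refresh token rejected (400/401); the user must sign in again."""

class TokenManager:
    def __init__(self, post, store, skew=60, clock=time.time, sleep=time.sleep):
        self._post = post    # assumed transport: post(json_dict) -> (status, json_dict)
        self._store = store  # dict-like; back it with an OS keychain or secret store
        self._skew, self._clock, self._sleep = skew, clock, sleep
        self._lock = threading.Lock()

    def access_token(self):
        # One refresh at a time: a second request carrying the same refresh
        # token would get 401 because the first one already revoked it.
        with self._lock:
            if self._store.get("expires_at", 0) - self._skew > self._clock():
                return self._store["access_token"]
            return self._refresh()

    def _refresh(self):
        for attempt in range(3):
            status, body = self._post({"refreshToken": self._store["refresh_token"]})
            if status == 200:
                # Persist the rotated pair first; "expires_in" (seconds) is an assumed field.
                self._store.update(access_token=body["access_token"],
                                   refresh_token=body["refresh_token"],
                                   expires_at=self._clock() + body["expires_in"])
                return body["access_token"]
            if status == 429:
                self._sleep(2 ** attempt)  # back off; limit is 20 requests per minute
                continue
            if status in (400, 401):
                raise ReauthRequired(f"refresh rejected with HTTP {status}")
            raise RuntimeError(f"unexpected HTTP {status}")
        raise RuntimeError("still rate limited after 3 attempts")

def fake_endpoint(valid):
    """Constructed stand-in for the endpoint: refresh tokens are single use."""
    live = [valid, 0]
    def post(body):
        if body.get("refreshToken") != live[0]:
            return 401, {"error": "constructed: invalid or reused refresh token"}
        live[1] += 1
        live[0] = f"rt_demo_{live[1]}"
        return 200, {"access_token": f"at_demo_{live[1]}", "refresh_token": live[0],
                     "token_type": "Bearer", "expires_in": 3600}
    return post
```

A 401 on refresh is treated as terminal rather than retried, since with rotation it can mean the refresh token was already used elsewhere.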