aress
POST /v1/auth/refresh

Refresh Token

Exchange a refresh token for a new access token.

Exchanges the current refresh token (sent via httpOnly cookie) for a new access token. The old refresh token is revoked and a new one is issued (token rotation).

No request body is required — the refresh token is read from the refresh_token cookie.

Responses

200

401

Invalid or expired refresh token

Response

200 200 OK
{
  "accessToken": "example_accessToken",
  "expiresAt": 0
}