POST /refresh - Refresh Access Token

Use this endpoint to refresh an expired access token using your refresh token.

Endpoint URL

POST /api/refresh?api_token=your_api_access_token

Request Headers

Content-Type: application/json

Request Body

{
    "refresh_token": "def50200a1b2c3d4e5f6789..."
}

Response

Success (200 OK):
{
    "status": "success",
    "message": "Token refreshed successfully",
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Error (401 Unauthorized):
{
    "status": "error",
    "message": "Invalid or expired refresh token"
}

Example Usage

curl -X POST "https://api.creditrisk.co.za/api/refresh?api_token=your_api_token" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "def50200a1b2c3d4e5f6789..."
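  }'

async function refreshToken() {
  const refreshToken = localStorage.getItem('refresh_token');
  if (!refreshToken) {
    // Nothing to refresh with: the user must log in again
    window.location.href = '/login';
    return null;
  }

  // Exchange the refresh token for a new access token
  const response = await fetch('https://api.creditrisk.co.za/api/refresh?api_token=your_api_token', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      refresh_token: refreshToken
    })
  });

  if (response.ok) {
    // Store the new access token for subsequent requests
    const data = await response.json();
    localStorage.setItem('access_token', data.access_token);
    return data.access_token;
  } else {
    // Refresh token invalid or expired: redirect to login
    window.location.href = '/login';
    return null;
  }
}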

When to Use

Token Expiration

Access tokens typically expire after 1 hour. When you receive a 401 error, try refreshing the token before re-authenticating.

Automatic Refresh

Implement automatic token refresh in your application to provide a seamless user experience.

Important: Refresh tokens also expire (usually after 7 days). When a refresh token expires, the user must authenticate again using the /auth endpoint.
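
An added example, not part of the original documentation or the API provider's own code: a client wrapper that refreshes once on a 401, shares a single refresh call across concurrent requests, and hands off to re-authentication when the refresh token is rejected. The names createClient, tokens, fetchImpl and onReauth are assumptions, as is sending the access token in an Authorization: Bearer header (inferred from token_type); the endpoint and JSON fields are the ones shown above.

```javascript
// Added example. createClient, tokens, fetchImpl and onReauth are assumed
// names; the Bearer header is an assumption based on token_type.
function createClient({ baseUrl, apiToken, tokens, fetchImpl, onReauth }) {
  let inFlight = null; // shared promise so concurrent 401s trigger one refresh

  async function refresh() {
    const url = `${baseUrl}/api/refresh?api_token=${encodeURIComponent(apiToken)}`;
    const res = await fetchImpl(url, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ refresh_token: tokens.refresh })
    });
    if (!res.ok) {
      // Refresh token invalid or expired: drop both tokens and require /auth.
      tokens.access = null;
      tokens.refresh = null;
      onReauth();
      throw new Error('re-authentication required');
    }
    const data = await res.json();
    tokens.access = data.access_token;
    return data.access_token;
  }

  function refreshOnce() {
    if (!inFlight) {
      inFlight = refresh().finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  async function request(path, init = {}) {
    const send = (token) => fetchImpl(baseUrl + path, {
      ...init,
      headers: { ...init.headers, Authorization: `Bearer ${token}` }
    });
    const first = await send(tokens.access);
    if (first.status !== 401) return first;
    // Retry exactly once with the new token; a second 401 is returned as-is,
    // so a misbehaving endpoint cannot cause a refresh loop.
    return send(await refreshOnce());
  }

  return { request, refreshOnce };
}
```

In a browser, pass `fetchImpl: window.fetch.bind(window)` and an `onReauth` callback that sends the user to the login page.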