Skip to content
MemGhost MemGhost Docs
memghost.com Open App

Refresh access token

POST
/auth/refresh

Refreshes an expired or soon-to-expire access token using a valid refresh token. Returns a new access token and optionally a new refresh token.

This is a command that returns 202 Accepted. The session is updated asynchronously, but new tokens are returned synchronously.

Authorizations

Section titled “Authorizations ”

Request Body required

Section titled “Request Body required ”
object
refresh_token
required

Valid refresh token

string
Example
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Examples
{
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Token refreshed successfully

object
access_token
required

New JWT access token (valid for 1 hour)

string
Example
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
refresh_token

New JWT refresh token (if rotated, valid for 90 days)

string
Example
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
expires_in
required

Access token expiration time in seconds

integer
Example
3600
token_type
required

Token type (always “Bearer”)

string
Example
Bearer
Examples
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

400

Section titled “400 ”

Bad request (invalid parameters)

object
error
required

Error code

string
Allowed values: validation_error not_found version_conflict internal_error invalid_request unauthorized rate_limit_exceeded
Example
unauthorized
message
required

Human-readable error message

string
Example
Invalid username or password
details

Additional error details (field-level validation errors, etc.)

object
key
additional properties
any
Examples
{
  "error": "validation_error",
  "message": "Invalid request parameters",
  "details": {
    "username": "Username is required",
    "password": "Password must be at least 8 characters"
  }
}

401

Section titled “401 ”

Invalid or expired refresh token

object
error
required

Error code

string
Allowed values: validation_error not_found version_conflict internal_error invalid_request unauthorized rate_limit_exceeded
Example
unauthorized
message
required

Human-readable error message

string
Example
Invalid username or password
details

Additional error details (field-level validation errors, etc.)

object
key
additional properties
any
Examples
{
  "error": "unauthorized",
  "message": "Invalid or expired refresh token"
}

500

Section titled “500 ”

Internal server error

object
error
required

Error code

string
Allowed values: validation_error not_found version_conflict internal_error invalid_request unauthorized rate_limit_exceeded
Example
unauthorized
message
required

Human-readable error message

string
Example
Invalid username or password
details

Additional error details (field-level validation errors, etc.)

object
key
additional properties
any
Examples
{
  "error": "internal_error",
  "message": "An internal error occurred"
}