Skip to main content
POST
Refresh session tokens

Body

application/json
refreshToken
string
required

Raw refresh token previously returned by login/refresh; consumed and rotated server-side. Expired or unknown tokens return 401.

Response

Token refreshed

Refresh-token rotation envelope. Adds socketToken for re-authenticating the realtime socket alongside the new HTTP tokens.

token
string
required
socketToken
string
required
refreshToken
string
required
sessionConfig
object
required

Resolved session configuration returned alongside tokens. Mirrors the org-level idle-timeout / SSO renewal policy so the client can enforce it.

Example:
user
object
required

Compact User payload returned with auth tokens.

Example: