Refresh access token

curl --request POST \
  --url https://api.example.com/api/auth/refresh \
  --header 'Content-Type: application/json' \
  --data '
{
  "refreshToken": "<string>"
}
'

{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "[email protected]",
    "profile": {
      "name": "<string>",
      "avatar_url": "<string>"
    },
    "metadata": {},
    "emailVerified": true,
    "providers": [
      "<string>"
    ],
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z"
  },
  "accessToken": "<string>",
  "csrfToken": "<string>",
  "refreshToken": "<string>"
}

POST

api

auth

refresh

Refresh access token

curl --request POST \
  --url https://api.example.com/api/auth/refresh \
  --header 'Content-Type: application/json' \
  --data '
{
  "refreshToken": "<string>"
}
'

{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "[email protected]",
    "profile": {
      "name": "<string>",
      "avatar_url": "<string>"
    },
    "metadata": {},
    "emailVerified": true,
    "providers": [
      "<string>"
    ],
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z"
  },
  "accessToken": "<string>",
  "csrfToken": "<string>",
  "refreshToken": "<string>"
}

Headers

X-CSRF-Token

string

CSRF token received from login/register response (required for web clients only)

Query Parameters

client_type

enum<string>

default:web

Client type determines how refresh tokens are handled:

web: Refresh token from httpOnly cookie, requires X-CSRF-Token header
mobile/desktop: refreshToken provided in request body, new refreshToken returned in response

Available options:

web,

mobile,

desktop

Body

application/json

refreshToken

string

Refresh token (required for mobile/desktop clients only)

Response

Token refreshed successfully

user

object

Show child attributes

accessToken

string

csrfToken

string | null

New CSRF token for subsequent refresh requests (web clients only)

refreshToken

string | null

New refresh token for mobile/desktop clients (must be persisted for next refresh)

User login Logout user

⌘I

Tables

Authentication

Records

Storage

AI Integration

Functions

Realtime

Email

Secrets

Logs

Metadata

Health

Refresh access token

Headers

Query Parameters

Body

Response