Skip to main content
POST
/
v1
/
refresh-token
curl -X POST https://api.vouchmark.com/v1/refresh-token \
  -H "Content-Type: application/json" \
  -d '{"refreshToken":"eyJhbGciOiJIUzI1NiIs..."}'

{
  "success": true,
  "accessToken": "eyJ...",
  "refreshToken": "eyJ..."
}

Documentation Index

Fetch the complete documentation index at: https://docs.vouchmark.com/llms.txt

Use this file to discover all available pages before exploring further.

Returns a new access token. The refresh token is rotated on every call — store the new one and discard the old. The refresh token is read from the refreshToken cookie if present; server clients can also send it in the body.

Body (server clients)

refreshToken
string
The refresh token issued at login. Omit if you’re sending the refreshToken cookie.

Response

success
boolean
accessToken
string
refreshToken
string
A new refresh token. Replace the one you had.
curl -X POST https://api.vouchmark.com/v1/refresh-token \
  -H "Content-Type: application/json" \
  -d '{"refreshToken":"eyJhbGciOiJIUzI1NiIs..."}'

{
  "success": true,
  "accessToken": "eyJ...",
  "refreshToken": "eyJ..."
}
Refresh tokens are single-use. If you receive 401 REFRESH_TOKEN_REUSED, the token has been used before — treat this as a possible compromise and force the user to re-authenticate.