Skip to main content
POST
/
v1
/
refresh-token
curl -X POST https://api.vouchmark.com/v1/refresh-token \
  -H "Content-Type: application/json" \
  -d '{"refreshToken":"eyJhbGciOiJIUzI1NiIs..."}'
{
  "success": true,
  "message": "Token refreshed successfully"
}
Rotates the refresh token and issues a new access token. The refresh token is read from the refreshToken cookie if present, or from the request body. This endpoint requires no auth middleware.

Body

refreshToken
string
The refresh token to rotate. Optional — if omitted, the value is read from the refreshToken cookie.
curl -X POST https://api.vouchmark.com/v1/refresh-token \
  -H "Content-Type: application/json" \
  -d '{"refreshToken":"eyJhbGciOiJIUzI1NiIs..."}'
{
  "success": true,
  "message": "Token refreshed successfully"
}
The new access token and rotated refresh token are delivered as httpOnly token and refreshToken cookies — they are not returned in the JSON body. The previous refresh token stays valid for a short grace window to absorb concurrent requests.