> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vouchmark.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh token

> Rotate the session and issue fresh auth cookies.

Rotates the refresh token and issues a new access token. The refresh token is read from the `refreshToken` cookie if present, or from the request body. This endpoint requires no auth middleware.

## Body

<ParamField body="refreshToken" type="string">
  The refresh token to rotate. Optional — if omitted, the value is read from the `refreshToken` cookie.
</ParamField>

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST https://api.vouchmark.com/v1/refresh-token \
    -H "Content-Type: application/json" \
    -d '{"refreshToken":"eyJhbGciOiJIUzI1NiIs..."}'
  ```
</RequestExample>

<ResponseExample>
  ```json theme={null}
  {
    "success": true,
    "message": "Token refreshed successfully"
  }
  ```
</ResponseExample>

The new access token and rotated refresh token are delivered as httpOnly `token` and `refreshToken` cookies — they are **not** returned in the JSON body. The previous refresh token stays valid for a short grace window to absorb concurrent requests.
