Skip to main content
POST
Refresh JWT access token

Refresh JWT access token

Refreshes the authenticated user’s JWT access token, generating a new token and returning it in the response. This is useful when you need a fresh token with a different validity period than the original.

Authentication

Requires a valid customer bearer token via the Authorization header.

Request Body

Response

Returns an ActionConfirmation envelope.
WasSuccessful
boolean
required
true when the token was refreshed successfully.
Value
string | null
The new JWT access token string. Use this as the Authorization: Bearer value for subsequent API requests. null when WasSuccessful is false.
Status
number
HTTP-style status code mirrored in the response body. 200 on success, 500 on failure.
Message
string | null
Human-readable message. Usually "OK" on success.
Errors
any
Validation or server errors. null on success.

Examples

Refresh with default validity (30 minutes)

Refresh with custom validity (60 minutes)

Admin Endpoint: Refresh Another User’s Token

An admin variant of this endpoint exists at POST /api/sys/users/{id}/token/refresh which allows refreshing the token for a specific user by ID.

Authentication

Requires a bearer token with ADMIN role or User-Edit permission.

URL Parameter

Request Body

Same as the current-user endpoint — optional ValidityInMinutes.

Example

Use Cases

Extending token validity

When the default token validity is insufficient for a long-running operation, request a fresh token with an extended validity period:

Token rotation

Periodically refresh the access token to maintain a fresh validity window without requiring the user to re-authenticate.

Error Responses

401 Unauthorized
error
The bearer token is missing, expired, or invalid. The user must sign in again via POST /api/token.
AccessDenied
error
Returned when the authenticated user cannot be resolved from the token, or (for the admin endpoint) when the admin lacks access to the target user.