Refresh access token

POST https://app.speybooks.com/api/v1/auth/refresh

Exchange a valid refresh token for a new access token. The refresh token itself is not rotated. Tokens issued before a password change are rejected (tracked via token_generation counter).

Body parameters

refreshToken string required

Refresh token from the login response.

Response

200 Returns a new access token. The refresh token remains valid.

Show response fields

accessToken string

expiresIn integer

Error codes

400 No refresh token provided.

401 Invalid, expired, or revoked refresh token.

429 Rate limit exceeded.

Request POST /v1/auth/refresh curl

curl -X POST https://api.speybooks.com/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken": "eyJ..."}'

Response 200

{
  "success": true,
  "data": {
    "accessToken": "eyJ...",
    "expiresIn": 900
  }
}