POST /api/auth/refresh

Refresh JWT access token using refresh token

URL: https://hub.regardingwork.com/api/auth/refresh
Method: POST
Authentication: Refresh token required
Content-Type: application/json

Use Cases

Token Renewal

Automatically refresh expired access tokens without requiring user re-login.

Extended Sessions

Maintain user authentication for up to 30 days using refresh tokens.

Request Body

Field | Type | Required | Description
refresh_token | string | Yes | Valid refresh token from login or previous refresh

Request Example

curl:
curl -X POST "https://hub.regardingwork.com/api/auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

JavaScript (fetch):
const response = await fetch('https://hub.regardingwork.com/api/auth/refresh', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    refresh_token: localStorage.getItem('refresh_token')
  })
});

const result = await response.json();

Response

Success Response (200 OK):
{
  "message": "Token refreshed successfully",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 42,
    "username": "johndoe123",
    "bio": null,
    "profile_photo_url": null,
    "website_url": null,
    "created_at": "2025-09-06T15:30:45.123456",
    "updated_at": "2025-09-06T15:30:45.123456",
    "is_active": true,
    "role": "USER",
    "premium_tier": "FREE"
  }
}

Error Responses

Status | Error | Description
400 | Refresh token is required | Missing refresh_token in request body
401 | Invalid or expired refresh token | Refresh token is invalid or expired
401 | User not found | User associated with token doesn't exist
500 | Token refresh failed | Internal server error

Auto-Refresh Implementation

Automatically handle token refresh when access tokens expire:

async function makeAuthenticatedRequest(url, options = {}) {
  let accessToken = localStorage.getItem('access_token');
  
  // First attempt with current token
  let response = await fetch(url, {
    ...options,
    headers: {
      ...options.headers,
      'Authorization': `Bearer ${accessToken}`
    }
  });
  
  // If token expired, try to refresh
  if (response.status === 401) {
    const refreshToken = localStorage.getItem('refresh_token');
    
    const refreshResponse = await fetch('https://hub.regardingwork.com/api/auth/refresh', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        refresh_token: refreshToken
      })
    });
    
    if (refreshResponse.ok) {
      const result = await refreshResponse.json();
      
      // Update stored tokens
      localStorage.setItem('access_token', result.access_token);
      localStorage.setItem('refresh_token', result.refresh_token);
      
      // Retry original request with new token
      response = await fetch(url, {
        ...options,
        headers: {
          ...options.headers,
          'Authorization': `Bearer ${result.access_token}`
        }
      });
    } else {
      // Refresh failed, redirect to login
      window.location.href = '/login';
      return;
    }
  }
  
  return response;
}

Token Lifecycle

Access Token
  • Lifespan: 24 hours
  • Purpose: API authentication
  • Renewal: Use refresh token
Refresh Token
  • Lifespan: 30 days
  • Purpose: Generate new access tokens
  • Renewal: Get new one when refreshing
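
Because each refresh returns a new refresh token, several requests that receive 401 at the same moment would each post the same stored refresh token when using makeAuthenticatedRequest above. The following is an added example, not part of the original documentation, that shares one in-flight refresh among concurrent callers. The names createAuthClient, fetchImpl, storage and onLogout are hypothetical, and whether the server rejects a reused refresh token is not stated on this page.

```javascript
// Added example (not from the original docs): single-flight token refresh.
const REFRESH_URL = 'https://hub.regardingwork.com/api/auth/refresh';

// fetchImpl, storage and onLogout are injected (hypothetical parameter names)
// so the client also runs outside a browser, e.g. under a test harness.
function createAuthClient({ fetchImpl, storage, onLogout }) {
  let inflight = null; // promise shared by all callers while a refresh runs
  function refreshOnce() {
    if (!inflight) {
      inflight = (async () => {
        const refreshToken = storage.getItem('refresh_token');
        if (!refreshToken) throw new Error('no refresh token stored');
        const res = await fetchImpl(REFRESH_URL, {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify({ refresh_token: refreshToken })
        });
        if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
        const result = await res.json();
        // Store the rotated pair before any waiting caller retries.
        storage.setItem('access_token', result.access_token);
        storage.setItem('refresh_token', result.refresh_token);
        return result.access_token;
      })().finally(() => { inflight = null; });
    }
    return inflight;
  }

  async function request(url, options = {}) {
    const send = (token) => fetchImpl(url, {
      ...options,
      headers: { ...options.headers, Authorization: `Bearer ${token}` }
    });
    const response = await send(storage.getItem('access_token'));
    if (response.status !== 401) return response;
    let token;
    try {
      token = await refreshOnce(); // joins a refresh already in progress
    } catch (err) {
      // Refresh failed: drop both tokens so they are not replayed, then log out.
      storage.removeItem('access_token');
      storage.removeItem('refresh_token');
      onLogout(err);
      return null;
    }
    return send(token); // retry the original request once
  }
  return { request, refreshOnce };
}
```

In a browser, pass `fetchImpl: window.fetch.bind(window)`, `storage: localStorage` and an `onLogout` that redirects to `/login`.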