POST /api/v1/auth/refresh

Refresh the token pair using a valid refresh_token. The old refresh token is invalidated and a new pair is issued.

Request

POST /api/v1/auth/refresh
Content-Type: application/json

{
  "refresh_token": "<refresh_jwt>"
}

Response 200

{
  "success": true,
  "status": "200",
  "message": "Token refreshed successfully",
  "errors": null,
  "data": {
    "access_token": "<new_jwt>",
    "refresh_token": "<new_refresh_jwt>",
    "expires_at": "2026-04-06T12:30:00Z"
  }
}

Response 401 — Expired or invalid refresh token

{
  "success": false,
  "status": "401",
  "message": "Token expired",
  "errors": null,
  "data": null
}