Refresh tokens

curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/refresh \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "refresh_token": "<string>"
}
'

{
  "refresh_token": "<string>"
}

POST

api

pub

{project_id}

auth

refresh

Refresh tokens

curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/refresh \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "refresh_token": "<string>"
}
'

{
  "refresh_token": "<string>"
}

Rotates the refresh token and returns a new access token. Refresh tokens are single-use; the previous refresh token is invalidated. Requires X-API-Key only (no Bearer).

Request body

refresh_token

string

required

Current refresh token.

Response

200 OK

{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "refresh_token": "bmV3IHJlZnJlc2ggdG9rZW4...",
  "token_type": "bearer",
  "expires_in": 900
}

refresh_token

string

New refresh token; store this and discard the old one.

Status codes

Code	Meaning
200	Rotated successfully
401	Invalid, expired, or already-used refresh token
403	IP blocked or firewall deny
429	Rate limited

Verify email Logout

⌘I

Overview

Gate API

Public API

Refresh tokens

Request body

Response

Status codes

Overview

Gate API

Public API

Documentation Index

​Request body

​Response

​Status codes

Request body

Response

Status codes