Use your existing refresh token to obtain a new access token and a replacement refresh token. This lets you keep users authenticated without requiring them to log in again.

Request

POST /auth/refresh
refreshToken (string, required): The refresh token issued during login or the previous token rotation.

Response

accessToken (string): The newly issued JWT access token.
refreshToken (string): A new refresh token to use in future rotation requests. Replace the token you previously stored with this one.
tokenType (string): Always "Bearer".
expiresIn (number): Number of seconds until the new access token expires.
name (string): The display name of the authenticated user.
role (string): The effective role associated with this token pair.
id (number): The numeric ID of the authenticated user.

Example

curl -X POST http://localhost:8080/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4..."}'

Each refresh token can only be used once. After a successful rotation, the old refreshToken is immediately invalidated. Always save the new refreshToken from the response before discarding the previous one.

Error codes

Status  Meaning
400     refreshToken is missing or blank
401     The refresh token is invalid, expired, or has already been revoked
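
A client-side sketch of the rotation rules above, added here as an example and not taken from this API's own code: it serializes rotations because each refresh token is single-use, writes the replacement token atomically before returning, and treats 401 as a forced re-login. The TokenStore class, the JSON file layout, the injectable post transport and the assumption that success is HTTP 200 are all hypothetical.

```python
import json, os, tempfile, threading, urllib.error, urllib.request

REFRESH_URL = "http://localhost:8080/auth/refresh"  # host and port from the curl example

class ReauthRequired(Exception):
    """The server answered 401: the user has to log in again."""

def http_post(url, payload):
    """Default transport: POST JSON and return (status, parsed body)."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

class TokenStore:
    """Hypothetical client-side store; the JSON file layout is an assumption."""
    def __init__(self, path, post=http_post):
        self.path, self.post = path, post
        self.lock = threading.Lock()  # tokens are single-use: one rotation at a time

    def load(self):
        with open(self.path) as f:
            return json.load(f)

    def _save(self, tokens):
        # mkstemp creates the file with mode 0600; the rename is atomic, so a
        # crash leaves either the old token pair or the new one, never half.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(tokens, f)
        os.replace(tmp, self.path)

    def rotate(self):
        with self.lock:
            current = self.load()["refreshToken"]
            status, body = self.post(REFRESH_URL, {"refreshToken": current})
            if status == 401:  # invalid, expired or already revoked
                raise ReauthRequired("refresh token rejected")
            if status != 200:  # assumption: success is HTTP 200
                raise RuntimeError(f"refresh failed with status {status}")
            # Persist the replacement before handing the access token out.
            self._save({"refreshToken": body["refreshToken"],
                        "accessToken": body["accessToken"]})
            return body["accessToken"]
```

Passing a stub as post lets the rotation logic be exercised without a running server.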