# Refresh access token POST //localhost:8080/api/v1/auth/refresh Uses httpOnly refresh token cookie and X-CSRF-Token. Returns new access token and rotates refresh cookie. Reference: https://api.alephant.io/api-reference/saa-s-api/auth/refresh-access-token ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: saas-openapi version: 1.0.0 paths: /api/v1/auth/refresh: post: operationId: refresh-access-token summary: Refresh access token description: >- Uses httpOnly refresh token cookie and X-CSRF-Token. Returns new access token and rotates refresh cookie. tags: - subpackage_auth parameters: - name: X-CSRF-Token in: header description: CSRF token from GET /auth/csrf required: true schema: type: string responses: '200': description: 'data: { accessToken }' content: application/json: schema: type: object additionalProperties: description: Any type '401': description: AUTH_REFRESH_INVALID content: application/json: schema: type: object additionalProperties: description: Any type '403': description: CSRF_INVALID content: application/json: schema: type: object additionalProperties: description: Any type servers: - url: //localhost:8080 ``` ## SDK Code Examples ```python import requests url = "https://localhost:8080/api/v1/auth/refresh" headers = {"X-CSRF-Token": "X-CSRF-Token"} response = requests.post(url, headers=headers) print(response.json()) ``` ```javascript const url = 'https://localhost:8080/api/v1/auth/refresh'; const options = {method: 'POST', headers: {'X-CSRF-Token': 'X-CSRF-Token'}}; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "net/http" "io" ) func main() { url := "https://localhost:8080/api/v1/auth/refresh" req, _ := http.NewRequest("POST", url, nil) req.Header.Add("X-CSRF-Token", "X-CSRF-Token") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://localhost:8080/api/v1/auth/refresh") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url) request["X-CSRF-Token"] = 'X-CSRF-Token' response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.post("https://localhost:8080/api/v1/auth/refresh") .header("X-CSRF-Token", "X-CSRF-Token") .asString(); ``` ```php request('POST', 'https://localhost:8080/api/v1/auth/refresh', [ 'headers' => [ 'X-CSRF-Token' => 'X-CSRF-Token', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://localhost:8080/api/v1/auth/refresh"); var request = new RestRequest(Method.POST); request.AddHeader("X-CSRF-Token", "X-CSRF-Token"); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = ["X-CSRF-Token": "X-CSRF-Token"] let request = NSMutableURLRequest(url: NSURL(string: "https://localhost:8080/api/v1/auth/refresh")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```