POST
/User/RefreshToken
Usage Notes
When
- Extend session before access token expires
- Obtain new access token using refresh token
Requirements
- Valid refreshToken in request body
Notes
- SDK handles automatically 30 seconds before expiration
- No other authentication required for this endpoint
- Returns new accessToken and refreshToken pair
Description
Exchanges refresh token for new access and refresh token pair. Enables continuous sessions without re-authentication.
Required Headers
Requires Authorization Header: Must include current (expiring) access token in Authorization header as "Bearer {token}". Refresh token provided in request body is used to generate new tokens after validating current access token.
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer {accessToken} | Current access token (required for validation) |
| Content-Type | application/json | Request content type |
| Version | 2.0 | API version identifier |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
refreshToken |
string(255) | Valid refresh token for session extension. |
refreshToken
Valid refresh token for session extension.
Refresh Token Security
- Store refresh tokens securely using encrypted storage or secure vaults
- Never expose refresh tokens in client-side code or logs
- Implement secure token rotation by updating stored refresh tokens
- Monitor for invalid refresh token attempts as security indicators
- Clear stored tokens on user logout or security events
Example Requests
bash
curl -X POST 'https://api.7g.com.au/User/RefreshToken' \
-H 'Authorization: {accessToken}' \
-H 'Version: 2.0' \
-H 'Content-Type: application/json' \
-d '{
"refreshToken": "cZkxxx4Y=="
}'Response Examples
json
{
"accessToken": "eyJxxCJ9.eyJxxxpYyJ9.8Csxx3S-jMxxnv-4Nxxfw",
"refreshToken": "cZkxxx4Y="
}