Skip to main content
POST
https://api.bunship.com
/
api
/
v1
/
auth
/
refresh
Refresh Token
curl --request POST \
  --url https://api.bunship.com/api/v1/auth/refresh \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "refreshToken": "<string>"
}
'
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 900
}
Uses a valid refresh token to obtain a new access token and refresh token pair. The previous refresh token is invalidated (token rotation) to prevent replay attacks.

Auth

None required. The refresh token in the request body serves as authentication.

Rate Limit

20 requests per minute per IP.

Request Body

refreshToken
string
required
The refresh token received from a previous login or refresh response.

Response

accessToken
string
New JWT access token. Expires in 15 minutes.
refreshToken
string
New JWT refresh token. Expires in 7 days. Store this for the next rotation.
expiresIn
number
Access token expiry in seconds (900).
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 900
}

Errors

StatusCodeDescription
401AUTHENTICATION_ERRORRefresh token is invalid, expired, or already used

Example

curl -X POST https://api.bunship.com/api/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'