Admin Refresh Token (v1)

Method + Path

POST /v1/auth/admin/refresh

Actual backend path: /v1/auth/admin/refresh

Description

Refresh the admin access token using a refresh token from cookies. This endpoint rotates the session and issues new tokens.

Authentication

Required - Cookie-based authentication (refresh token in HTTP-only cookie)

Headers

Header | Type | Required | Description
Cookie | string | Yes | HTTP-only cookie containing refresh token

Note: The refresh token is automatically sent via cookies. No manual header is required.

Request Body

No request body required.

Response (200)

{
  "admin": {
    "id": "507f1f77bcf86cd799439011",
    "email": "admin@example.com",
    "roles": ["super-admin"]
  },
  "meta": {
    "accessTokenExpiresIn": "15m",
    "refreshTokenExpiresIn": "7d"
  }
}

Note: New tokens are set as HTTP-only cookies in the response.

Common Errors

  • 401 Unauthorized: Missing or invalid refresh token
  • 403 Forbidden: Refresh token has been revoked
  • 500 Internal Server Error: Server error
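
Example client handling

The following is an added example, not code from this API's own client. It shows how a browser client might call the endpoint and act on the documented 200, 401, 403 and 500 responses. The duration format `<integer><s|m|h|d>`, the 80% refresh policy, the `baseUrl` parameter and the function names are assumptions.

```javascript
// Added example; not the project's client code.
// Assumption: meta durations use "<integer><s|m|h|d>", as in the sample response.
const UNIT_MS = { s: 1000, m: 60000, h: 3600000, d: 86400000 };

function durationToMs(text) {
  const match = /^(\d+)([smhd])$/.exec(String(text));
  if (!match) throw new Error("unrecognised duration: " + text);
  return Number(match[1]) * UNIT_MS[match[2]];
}

// Pure decision step: map a status code and parsed body to the client's next action.
function classifyRefresh(status, body) {
  switch (status) {
    case 200: {
      const accessMs = durationToMs(body.meta.accessTokenExpiresIn);
      return {
        state: "refreshed",
        roles: body.admin.roles,
        // Hypothetical policy: refresh again at 80% of the access token lifetime.
        nextRefreshInMs: Math.floor((accessMs * 4) / 5),
        refreshTokenTtlMs: durationToMs(body.meta.refreshTokenExpiresIn),
      };
    }
    case 401: // missing or invalid refresh token: send the user to the login page
      return { state: "login-required" };
    case 403: // revoked: drop local session state and do not retry
      return { state: "revoked" };
    default: // 500 and anything unexpected: back off, then retry
      return { state: "retry-later", status };
  }
}

// Network wrapper. baseUrl is a placeholder supplied by the caller.
async function refreshAdminSession(baseUrl, fetchImpl = fetch) {
  const res = await fetchImpl(baseUrl + "/v1/auth/admin/refresh", {
    method: "POST",
    credentials: "include", // lets the browser attach the HTTP-only refresh cookie
  });
  const body = res.status === 200 ? await res.json() : null;
  return classifyRefresh(res.status, body);
}

// Constructed sample matching the documented 200 response.
const SAMPLE_200 = {
  admin: { id: "507f1f77bcf86cd799439011", email: "admin@example.com", roles: ["super-admin"] },
  meta: { accessTokenExpiresIn: "15m", refreshTokenExpiresIn: "7d" },
};
```

Because the tokens live in HTTP-only cookies, the client never reads them; it only schedules the next call from `meta` and reacts to the status code.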