Doctor Refresh Token (v1)

Method & Path

POST /api/v1/doctors/refresh

Actual backend path: /v1/doctors/refresh

Description

Refresh the access token using a valid refresh token. The refresh token is rotated (old one is revoked, new one is issued) for security.

Authentication

Required: Refresh token in cookie (not Bearer token)

Headers

| Header | Type | Required | Description |
|--------|------|----------|-------------|
| Cookie | string | Yes | refreshToken cookie (HTTP-only) |

Request Body

No request body required.

Response 200 OK

{
  "doctor": {
    "id": "507f1f77bcf86cd799439011",
    "email": "doctor@example.com",
    "fullName": "Dr. John Smith",
    "createdAt": "2024-01-15T10:00:00Z",
    "updatedAt": "2024-01-15T10:00:00Z"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Note: The response also sets new HTTP-only cookies:

  • refreshToken - New refresh token (old one is revoked)
  • accessToken - New access token

Common Errors

  • 401 Unauthorized: Missing or invalid refresh token
  • 500 Internal Server Error: Server error
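
The rotation behaviour described above, as an added example (an in-memory model written for this page, not the backend's own code). It shows why a client must always send the newest refreshToken cookie: the old one returns 401 once it has been rotated. RefreshTokenStore, handle_refresh, the hashed storage, the empty 401 body and the access token placeholder are assumptions for illustration.

```python
import hashlib
import secrets


class InvalidRefreshToken(Exception):
    """Maps to the endpoint's 401 Unauthorized response."""


class RefreshTokenStore:
    """In-memory stand-in for the backend's token storage (assumed design)."""

    def __init__(self):
        # sha256(token) -> record; the raw refresh token is never stored
        self._records = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, doctor_id):
        token = secrets.token_urlsafe(32)
        self._records[self._digest(token)] = {"doctor_id": doctor_id, "revoked": False}
        return token

    def rotate(self, presented):
        """Revoke the presented token and return (doctor_id, new_token)."""
        record = self._records.get(self._digest(presented or ""))
        if record is None or record["revoked"]:
            raise InvalidRefreshToken("missing or invalid refresh token")
        record["revoked"] = True  # old token is revoked before the new one is issued
        return record["doctor_id"], self.issue(record["doctor_id"])


def handle_refresh(store, cookies):
    """Model of POST /api/v1/doctors/refresh: returns (status, body, set_cookies)."""
    try:
        doctor_id, new_refresh = store.rotate(cookies.get("refreshToken"))
    except InvalidRefreshToken:
        return 401, {}, {}  # error body format is not documented; left empty
    # Placeholder access token (not a real JWT); assumed to match the body "token"
    access = "access-" + secrets.token_urlsafe(16)
    body = {"doctor": {"id": doctor_id}, "token": access}
    return 200, body, {"refreshToken": new_refresh, "accessToken": access}
```
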