POST /auth/refresh-token
Refresh Token
Refresh access token. Response format depends on accessTokenType configuration:
- Header mode (default): Returns new tokens in response body
- Cookie mode: Sets new tokens in HTTP-only cookies and returns success message
Request body
NestAuthRefreshTokenRequestDto
| Field | Type | Required | Description |
|---|---|---|---|
| refreshToken | string | optional | Refresh token to obtain new access token. Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVz… |
Examples
Example
```json
{
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCJ9.abc123"
}
```
Responses
200 Header mode: Returns message + tokens in body
AuthWithTokensResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
| accessToken | string | required | JWT access token (short-lived). Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5… |
| refreshToken | string | required | JWT refresh token (long-lived). Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVz… |
| message | string | optional | Success message (added by controller based on configuration). Example: Login successful |
| isRequiresMfa | boolean | required | Whether multi-factor authentication is required. Example: false |
| mfaMethods | "email" \| "sms" \| "totp"[] | optional | Available MFA methods when isRequiresMfa is true. Example: ["email","totp"] |
| defaultMfaMethod | "email" \| "sms" \| "totp" | optional | Default/recommended MFA method. One of: email, sms, totp. Example: email |
| trustToken | string | optional | Trust token for trusted device verification. Example: 1234567890 |
Example response
```json
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc",
  "message": "Login successful",
  "isRequiresMfa": false,
  "mfaMethods": [
    "email",
    "totp"
  ],
  "defaultMfaMethod": "email",
  "trustToken": "1234567890"
}
```
Try it
```bash
curl -X POST 'https://api.example.com/auth/refresh-token' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -d '{"refreshToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCJ9.abc123"}'
```
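A client has to treat the Header and Cookie modes described above differently, both when building the request and when reading the 200 response. The helper below is an added example, not code from the library or its documentation; the mode strings `'header'` and `'cookie'`, the function names, and the empty body sent in cookie mode are assumptions.

```javascript
// Added example, not nest-auth code. The mode strings 'header' / 'cookie' and
// all function names are assumptions made for this illustration.

// Build the fetch() options for POST /auth/refresh-token.
function buildRefreshRequest(mode, refreshToken) {
  const init = { method: 'POST', headers: { 'Content-Type': 'application/json' } };
  if (mode === 'cookie') {
    // Assumption: the server reads the refresh token from its HTTP-only
    // cookie, so the body stays empty and cookies must be sent along.
    init.credentials = 'include';
    init.body = '{}';
    return init;
  }
  if (typeof refreshToken !== 'string' || refreshToken === '') {
    throw new Error('header mode requires a refresh token');
  }
  init.body = JSON.stringify({ refreshToken });
  return init;
}

// Normalise the response so callers never handle a half-populated token pair.
function interpretRefreshResponse(mode, status, body) {
  if (status !== 200) return { ok: false, reason: `http_${status}` };
  // Cookie mode: tokens live in HTTP-only cookies, nothing for script to store.
  if (mode === 'cookie') return { ok: true, tokens: null };
  const { accessToken, refreshToken } = body || {};
  if (typeof accessToken !== 'string' || typeof refreshToken !== 'string') {
    return { ok: false, reason: 'missing_tokens' };
  }
  // Header mode: the caller replaces BOTH stored tokens with these values.
  return { ok: true, tokens: { accessToken, refreshToken } };
}

// Network wrapper; fetchImpl is injectable so the logic can be tested offline.
async function refreshSession(baseUrl, mode, refreshToken, fetchImpl = fetch) {
  const init = buildRefreshRequest(mode, refreshToken);
  const res = await fetchImpl(`${baseUrl}/auth/refresh-token`, init);
  const body = await res.json().catch(() => null);
  return interpretRefreshResponse(mode, res.status, body);
}
```

In header mode the response carries a new refresh token as well as a new access token, so the stored refresh token should be overwritten on every successful call rather than reused.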