Refresh a Human Session
Keep a human API session alive by exchanging the refresh token for a fresh token pair.
Use the refresh endpoint with the current refresh token before the human session expires.
- Refresh before expiry.
- Replace stored tokens cleanly.
- Know which auth session types can use refresh.
Where this happens
Same Task, Other Interfaces
Use the version that matches where you are working now. The subject matter stays the same; the delivery changes by surface.
Keep this boundary clear
- Refresh is for human API sessions only. PATs and automation secrets do not use this flow.
Do the work
- 1. Send the current `refreshToken` in the JSON body.
- 2. Receive a new access token and refresh token pair in the response.
- 3. Replace the previously stored tokens instead of keeping multiple versions around.
- 4. Retry protected requests with the fresh access token.
Refresh over REST
curl -X POST http://localhost:5173/api/v1/auth/refresh -H 'content-type: application/json' -d '{"refreshToken":"refresh_token_here"}'Keep Going in Sign In and Sessions
Stay in the same interface and move to the next closest task in this topic when needed.
Request a Sign-In Code
Start the OTP flow and send a sign-in code to the correct email address.
Verify the Sign-In Code
Complete the OTP flow, establish the human session, and move into the workspace or terminal workflow.
Revoke a Human Session
Invalidate a human API session explicitly instead of waiting for the access token to expire.
Nearby Guides
These guides stay close to the current workflow so you can keep moving without restarting discovery.