POST /api/v1/admin/refresh
Issue a new access token using a valid refresh token. Implements token rotation for security.

Request

refresh_token (string, required): Valid refresh token from login

Response

success (boolean): Whether the refresh succeeded
token (string): New JWT access token
refresh_token (string): New refresh token (old one is revoked)
expires_at (integer): Access token expiration timestamp
refresh_expires_at (integer): Refresh token expiration timestamp
user (object): User details object

Examples

curl -X POST "https://olive-gateway-a6ba.onrender.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'
{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

Token Rotation

For security, a new refresh token is issued on every refresh:
  1. Old refresh token is revoked immediately
  2. New refresh token is stored
  3. Both new tokens are returned
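
Client-side handling of this rotation, as an added example that is not part of the Olive gateway documentation or code. TokenManager, SessionExpired and their parameters are hypothetical names; the example assumes expires_at is a Unix timestamp in seconds and relies only on the HTTP status for errors.

```python
import json, threading, time, urllib.error, urllib.request

REFRESH_URL = "https://olive-gateway-a6ba.onrender.com/api/v1/admin/refresh"

def http_post(url, body):
    """Default transport: POST JSON, return (status, parsed body or {})."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}  # error body format is not documented; use status only

class SessionExpired(Exception):
    """401 INVALID_TOKEN: the refresh token is invalid, expired or already rotated."""

class TokenManager:  # hypothetical helper, not part of any Olive SDK
    def __init__(self, refresh_token, post=http_post, skew=30, now=time.time):
        self._lock = threading.Lock()
        self._refresh_token = refresh_token
        self._access, self._expires_at = None, 0
        self._post, self._skew, self._now = post, skew, now

    def access_token(self):
        # Serialize refreshes: the old refresh token is revoked on use, so a
        # second concurrent call presenting the same token would get a 401.
        with self._lock:
            # Assumes expires_at is a Unix timestamp in seconds.
            if self._access is None or self._now() >= self._expires_at - self._skew:
                self._rotate()
            return self._access

    def _rotate(self):
        if self._refresh_token is None:
            raise SessionExpired("no usable refresh token; log in again")
        status, body = self._post(REFRESH_URL, {"refresh_token": self._refresh_token})
        if status == 401:
            self._access = self._refresh_token = None  # drop dead credentials
            raise SessionExpired("refresh token rejected; log in again")
        if status != 200 or not body.get("success"):
            # 400/500: keep the current refresh token so the caller can retry.
            raise RuntimeError(f"refresh failed with HTTP {status}")
        # Swap both tokens together; the previous refresh token is now revoked.
        self._refresh_token = body["refresh_token"]
        self._access, self._expires_at = body["token"], body["expires_at"]
```

A 401 on a refresh token the client believed was current means the token was already rotated elsewhere, so treat it as a signal to re-authenticate and review the session rather than retrying.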

Errors

Status  Code             Description
400     INVALID_REQUEST  Invalid request format
401     INVALID_TOKEN    Invalid or expired refresh token
500     INTERNAL_ERROR   Server error