Refresh Token - OLIVE Payment Platform

curl -X POST "https://demo.api.vultlocal.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

POST

admin

refresh

curl -X POST "https://demo.api.vultlocal.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

Issue a new access token using a valid refresh token. Implements token rotation for security.

Request

refresh_token

string

required

Valid refresh token from login

Response

success

boolean

Whether the refresh succeeded

token

string

New JWT access token

refresh_token

string

New refresh token (old one is revoked)

expires_at

integer

Access token expiration timestamp

refresh_expires_at

integer

Refresh token expiration timestamp

user

object

User details object

Examples

curl -X POST "https://demo.api.vultlocal.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

Token Rotation

For security, a new refresh token is issued on every refresh:

Old refresh token is revoked immediately
New refresh token is stored
Both new tokens are returned

Errors

Status	Code	Description
400	`INVALID_REQUEST`	Invalid request format
401	`INVALID_TOKEN`	Invalid or expired refresh token
500	`INTERNAL_ERROR`	Server error

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Refresh token

refresh_token

string

required

Response

expires_at

integer

refresh_expires_at

integer

refresh_token

string

success

boolean

token

string

user

object

Show child attributes

Admin Login

Logout

Overview

Agent-TS

Subscribers

Cards

Wallet

Agents

POS

Payment

Compliance

Admin

Webhooks

Fees

PEP Access

Partner API

Processors

Suspicious Transactions

Account Rules

Admin

Agents

API Keys

Subscribers

Cards

Compliance Alerts

Monitoring Rules

Fee Settings

PEP Access

POS

Payment

Processors

Compliance

Wallet

Webhooks

Partner

​Request

​Response

​Examples

​Token Rotation

​Errors

Authorizations

Body

Response

Request

Response

Examples

Token Rotation

Errors