Refresh Token - OLIVE Payment Platform

curl -X POST "https://demo.api.vultlocal.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

POST

admin

refresh

curl -X POST "https://demo.api.vultlocal.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

Issue a new access token using a valid refresh token. Implements token rotation for security.

Request

refresh_token

string

required

Valid refresh token from login

Response

success

boolean

Whether the refresh succeeded

token

string

New JWT access token

refresh_token

string

New refresh token (old one is revoked)

expires_at

integer

Access token expiration timestamp

refresh_expires_at

integer

Refresh token expiration timestamp

user

object

User details object

Examples

curl -X POST "https://demo.api.vultlocal.com/api/v1/admin/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123xyz..."
  }'

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "new_refresh_token_string",
  "expires_at": 1704110400,
  "refresh_expires_at": 1704714400,
  "user": {
    "id": "123",
    "email": "admin@olive.sl",
    "first_name": "Admin",
    "last_name": "User",
    "role": "system_admin",
    "status": "active"
  }
}

Token Rotation

For security, a new refresh token is issued on every refresh:

Old refresh token is revoked immediately
New refresh token is stored
Both new tokens are returned

Errors

Status	Code	Description
400	`INVALID_REQUEST`	Invalid request format
401	`INVALID_TOKEN`	Invalid or expired refresh token
500	`INTERNAL_ERROR`	Server error

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Refresh token

refresh_token

string

required

Response

expires_at

integer

refresh_expires_at

integer

refresh_token

string

success

boolean

token

string

user

object

Show child attributes

Admin Login

Logout

Documentation Index

​Request

​Response

​Examples

​Token Rotation

​Errors

Authorizations

Body

Response

Request

Response

Examples

Token Rotation

Errors