Refresh access token

curl --request POST \
  --url https://api.getmetacognition.com/auth/refresh \
  --header 'Content-Type: application/json' \
  --data '
{
  "refresh_token": "<string>"
}
'

{
  "access_token": "<string>",
  "refresh_token": "<string>",
  "token_type": "<string>",
  "expires_in": 123
}

POST

auth

refresh

Refresh access token

curl --request POST \
  --url https://api.getmetacognition.com/auth/refresh \
  --header 'Content-Type: application/json' \
  --data '
{
  "refresh_token": "<string>"
}
'

{
  "access_token": "<string>",
  "refresh_token": "<string>",
  "token_type": "<string>",
  "expires_in": 123
}

Use this when an access_token has expired and the refresh_token is still valid. The SDK does this automatically after a 401.

Body

{
  "refresh_token": "eyJhbGciOiJSUzI1NiIs..."
}

refresh_token

string

required

The refresh token returned by /auth/token-exchange.

Response — `200`

access_token

string

Fresh 24h JWT.

refresh_token

string

May be rotated. Store the value returned by the response.

token_type

string

Always "bearer".

expires_in

number

Lifetime of the new access token in seconds.

Example

curl -X POST https://api.getmetacognition.com/auth/refresh \
  -H 'content-type: application/json' \
  -d '{"refresh_token":"eyJ..."}'

When refresh fails

If the refresh token is expired (more than 7 days old) or revoked, /auth/refresh returns 401. At that point, call /auth/token-exchange with the original API key. If the API key is also gone, ask the user or service to authenticate again.

After 401

Without the SDK, implement this sequence in your HTTP client. With the SDK, AuthenticationError usually means refresh and exchange both failed.

Exchange API key for tokens Get current organization

​Body

​Response — 200

​Example

​When refresh fails

​After 401

Body

Response — `200`

Example

When refresh fails

After 401