Skip to main content
POST
OAuth 2.1 refresh token rotation

Body

application/json
data
object
required

Refresh request body. The CLI exchanges a refresh token for a new access+refresh pair when its access token nears expiry. Refresh tokens rotate on every use; a re-presented (already-rotated) refresh token revokes the entire token family server-side and returns INVALID_GRANT.

Response

The request has succeeded.

data
object
required

Token response. The CLI persists access_token + refresh_token; the server only stores their hashes.