Rotate the refresh token and issue a new access token
curl -X POST "https://mail.haltman.io/api/auth/refresh" \
-H "Content-Type: application/json" \
-H "X-CSRF-Token: YOUR_API_KEY"
import requests
import json
url = "https://mail.haltman.io/api/auth/refresh"
headers = {
"Content-Type": "application/json",
"X-CSRF-Token": "YOUR_API_KEY"
}
response = requests.post(url, headers=headers)
print(response.json())
const response = await fetch("https://mail.haltman.io/api/auth/refresh", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-CSRF-Token": "YOUR_API_KEY"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("POST", "https://mail.haltman.io/api/auth/refresh", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-CSRF-Token", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://mail.haltman.io/api/auth/refresh')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['X-CSRF-Token'] = 'YOUR_API_KEY'
response = http.request(request)
puts response.body
{
"ok": true,
"action": "refresh",
"refreshed": true,
"session": {
"session_family_id": "example_string",
"access_expires_at": "2024-12-25T10:00:00Z",
"refresh_expires_at": "2024-12-25T10:00:00Z"
}
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
{
"error": "Forbidden",
"message": "You don't have permission to access this resource",
"code": 403
}
{
"error": "example_string",
"where": "example_string",
"reason": "example_string"
}
POST
/api/auth/refresh
POST
API Key (cookie: __Host-refresh)
__Host-refreshstring
RequiredRefresh-session cookie used to rotate sessions and derive CSRF tokens.
Refresh-session cookie used to rotate sessions and derive CSRF tokens.
API Key (header: X-CSRF-Token)
X-CSRF-Tokenstring
RequiredCSRF token derived from the current session family.
CSRF token derived from the current session family.
Request Preview
Response
Response will appear here after sending the request
Authentication
path
parameterstring
RequiredAPI Key for authentication. Refresh-session cookie used to rotate sessions and derive CSRF tokens.
header
X-CSRF-Tokenstring
RequiredAPI Key for authentication. CSRF token derived from the current session family.
Responses
okboolean
Requiredactionstring
RequiredAllowed values:
refreshrefreshedboolean
Requiredsessionobject
RequiredWas this page helpful?
Last updated 2 days ago
Built with Documentation.AI