Refresh

curl --request POST \
  --url https://api.member.dev/api/v1/contact-auth/refresh \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/vnd.api+json' \
  --data '
{
  "data": {
    "attributes": {
      "refresh_token": "<string>"
    },
    "type": "<string>"
  }
}
'

{
  "data": {
    "attributes": {
      "access_token": "<string>",
      "expires_in": 123,
      "refresh_token": "<string>",
      "token_type": "bearer"
    },
    "id": "<string>",
    "type": "token_pairs"
  }
}

contact-auth

Refresh

Rotate a refresh token for a fresh access+refresh pair.

Resolution order:

Try decoding the cookie. If signature + exp pass → use it.
Else try decoding the body. If signature + exp pass → use it.
If NEITHER source supplied a token → 401 refresh_token_missing.
If at least one source supplied a token but NONE decoded → 401 refresh_token_invalid (preserves the pre-cookie error contract pinned by tests/contact_auth/test_error_codes.py).

Only the RESOLVED token is passed to service.refresh(). The service layer’s replay detection / token_version check / contact lookup are still authoritative — we never swallow those errors by retrying with another candidate.

POST

api

contact-auth

refresh

Refresh

curl --request POST \
  --url https://api.member.dev/api/v1/contact-auth/refresh \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/vnd.api+json' \
  --data '
{
  "data": {
    "attributes": {
      "refresh_token": "<string>"
    },
    "type": "<string>"
  }
}
'

{
  "data": {
    "attributes": {
      "access_token": "<string>",
      "expires_in": 123,
      "refresh_token": "<string>",
      "token_type": "bearer"
    },
    "id": "<string>",
    "type": "token_pairs"
  }
}

Authorizations

Authorization

string

header

required

Send platform JWTs, contact JWTs, or team API keys as Authorization: Bearer <token>.

Body

application/vnd.api+json

data

RefreshRequestResource · object

required

Show child attributes

Response

Successful Response

data

TokenPairResource · object

required

Show child attributes

Patch Team Profile Register

⌘I