Refresh
curl --request POST \
--url https://staging.api.prexsell.com/v2/auth/refresh{
"data": {
"user": {
"id": "usr_abc123def456",
"email": "user@example.com",
"firstName": "Іван",
"lastName": "Петренко"
},
"access": {
"contextType": "COMPANY",
"companyId": "cmp_xyz789",
"partnerId": null,
"role": "ADMIN",
"company": {
"id": "cmp_xyz789",
"name": "Prexsell Bus Lines",
"slug": "prexsell-bus-lines",
"tier": "PRO"
}
},
"session": {
"id": "ses_q1w2e3r4t5",
"contextType": "COMPANY",
"companyId": "cmp_xyz789",
"userId": "usr_abc123def456",
"expiresAt": "2026-06-28T00:00:00.000Z",
"lastUsedAt": "2026-05-28T12:00:00.000Z",
"revokedAt": null
},
"availableAccesses": []
}
}Auth
Refresh
Reads the refresh token from the HTTP-only cookie, rotates it, and issues a new access token. Detects token replay attacks and revokes the entire session family when detected.
POST
/
v2
/
auth
/
refresh
Refresh
curl --request POST \
--url https://staging.api.prexsell.com/v2/auth/refresh{
"data": {
"user": {
"id": "usr_abc123def456",
"email": "user@example.com",
"firstName": "Іван",
"lastName": "Петренко"
},
"access": {
"contextType": "COMPANY",
"companyId": "cmp_xyz789",
"partnerId": null,
"role": "ADMIN",
"company": {
"id": "cmp_xyz789",
"name": "Prexsell Bus Lines",
"slug": "prexsell-bus-lines",
"tier": "PRO"
}
},
"session": {
"id": "ses_q1w2e3r4t5",
"contextType": "COMPANY",
"companyId": "cmp_xyz789",
"userId": "usr_abc123def456",
"expiresAt": "2026-06-28T00:00:00.000Z",
"lastUsedAt": "2026-05-28T12:00:00.000Z",
"revokedAt": null
},
"availableAccesses": []
}
}Response
Token rotated successfully. New access and refresh tokens are set as HTTP-only cookies.
Full authentication payload returned after a successful login, token refresh, or session fetch.
Show child attributes
Show child attributes
⌘I