Auth
Exchange a refresh token for a new access token
Validates the refresh token server-side against the client’s user agent and returns a fresh JWT access token.
POST
Headers
HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.
Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.
Body
application/json
OpenAPI schema McpRefreshTokenBodyDto.
Refresh token previously returned from /auth/verify or /auth/social/verify.
Example:
"550e8400-e29b-41d4-a716-446655440000"