# Refresh Token endpoint

Exchanges a valid refresh token for a new access token (and optionally a new refresh token).

This endpoint is used to keep the user authenticated without requiring them to log in again.
It should be called before the current access token expires.

The client must send a valid refresh token, typically received from the login or token exchange endpoint.

If the refresh token is valid and not expired or revoked, the response will contain a new access token.
Depending on server configuration, a new refresh token may also be issued.


- Refresh tokens must be kept secure and should not be shared or exposed.
- Reuse of refresh tokens after logout or expiration will result in an error.
- Clients should always update their stored refresh token if a new one is provided in the response.


Endpoint: POST /integrator/refresh-token
Version: 1.0.3
Security: bearerAuth

## Request fields (application/json):

  - `refreshToken` (string)

## Response 200 fields (application/json):

  - `token` (string)

  - `expiresIn` (integer)