POST /api/v1/auth/refresh

Refresh the access token using the refresh_token cookie. Issues a new access_token cookie and returns the current user object. No request body is needed -- the server reads the refresh token from the cookie automatically.

Authentication

None (uses refresh_token cookie)

Request

No request body. The refresh_token cookie must be present.

Example

curl -X POST https://intotes.com/api/v1/auth/refresh \
  --cookie "refresh_token=<refresh_token>"

Response

200 OK

Sets a new access_token cookie.

{
  "user": {
    "id": 42,
    "name": "John",
    "nickname": "john_doe",
    "email": "user@example.com",
    "referral_code": "XYZ789",
    "language": "en",
    "theme": "dark",
    "balance": 50000,
    "bonus_balance": 1000,
    "total_balance": 51000,
    "avatar_url": "https://cdn.intotes.com/avatars/42.jpg",
    "is_creator": false,
    "is_stats_viewer": false,
    "total_predictions": 12,
    "biggest_win": 8500,
    "registered_date": "2026-01-15"
  }
}

Errors

Status	Code	Description
401	`TOKEN_EXPIRED`	Refresh token is expired or invalid

Authentication​

Request​

Example​

Response​

200 OK​

Errors​