Core 2.x


Available since 1.7.0

Refreshes an authentication token:

  • a valid, non-expired authentication must be provided
  • the provided authentication token is revoked
  • a new authentication token is generated and returned

Query Syntax


Copied to clipboard!
URL: http://kuzzle:7512/_refreshToken[?expiresIn=<expiresIn>]
Method: POST  

Other protocols

Copied to clipboard!
  "controller": "auth",
  "action": "refreshToken",
  "expiresIn": "<expiresIn>"



  • expiresIn: set the expiration duration (default: depends on Kuzzle configuration file)
  • if a raw number is provided (not enclosed between quotes), then the expiration delay is in milliseconds. Example: 86400000
  • if this value is a string, then its content is parsed by the ms library. Examples: "6d", "10h"


The result contains the following properties:

  • _id: user's kuid
  • jwt: encrypted JSON Web Token, that must then be sent in the requests headers or in the query
  • expiresAt: new token expiration date, in Epoch-millis (UTC)
  • ttl: new token time to live, in milliseconds
Copied to clipboard!
  "status": 200,
  "error": null,
  "controller": "auth",
  "action": "refreshToken",
  "requestId": "<unique request identifier>",
  "volatile": {},
  "result": {
    "_id": "<kuid>",
    "jwt": "<JWT encrypted token>",
    "expiresAt": 1321085955000,
    "ttl": 360000