# Copyright 2022 The Matrix.org Foundation C.I.C. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. openapi: 3.1.0 info: title: Matrix Client-Server Registration and Login API version: 1.0.0 paths: /refresh: post: x-addedInMatrixVersion: "1.3" summary: Refresh an access token description: |- Refresh an access token. Clients should use the returned access token when making subsequent API calls, and store the returned refresh token (if given) in order to refresh the new access token when necessary. After an access token has been refreshed, a server can choose to invalidate the old access token immediately, or can choose not to, for example if the access token would expire soon anyways. Clients should not make any assumptions about the old access token still being valid, and should use the newly provided access token instead. The old refresh token remains valid until the new access token or refresh token is used, at which point the old refresh token is revoked. Note that this endpoint does not require authentication via an access token. Authentication is provided via the refresh token. Application Service identity assertion is disabled for this endpoint. operationId: refresh requestBody: content: application/json: schema: type: object example: { "refresh_token": "some_token" } properties: refresh_token: type: string description: The refresh token required: - refresh_token required: true responses: "200": description: A new access token and refresh token were generated. content: application/json: schema: type: object properties: access_token: type: string description: The new access token to use. refresh_token: type: string description: |- The new refresh token to use when the access token needs to be refreshed again. If not given, the old refresh token can be re-used. expires_in_ms: type: integer description: |- The lifetime of the access token, in milliseconds. If not given, the client can assume that the access token will not expire. required: - access_token examples: response: value: { "access_token": "a_new_token", "expires_in_ms": 60000, "refresh_token": "another_new_token" } "401": description: The provided token was unknown, or has already been used. content: application/json: schema: $ref: definitions/errors/error.yaml examples: response: value: { "errcode": "M_UNKNOWN_TOKEN", "error": "Soft logged out", "soft_logout": true } "429": description: This request was rate-limited. content: application/json: schema: $ref: definitions/errors/rate_limited.yaml servers: - url: "{protocol}://{hostname}{basePath}" variables: protocol: enum: - http - https default: https hostname: default: localhost:8008 basePath: default: /_matrix/client/v3