> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onboard.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh token

> Refresh access token by presenting previously acquired refresh token. Requires the refresh token initially acquired to be passed as x-auth-token in header


This endpoint allows users to refresh their expired or soon-to-expire access tokens using a valid refresh token. It returns a new access token without requiring the user to log in again.


## OpenAPI

````yaml post /auth/oauth/refresh-token
openapi: 3.0.3
info:
  version: 2.1.0
  title: Onboard External API Gateway
  description: >-
    **Introduction**

    API Gateway for Onboard


    This specification describes API endpoints that are available to the public
    internet via the API gateway. The different endpoints require different
    authentication schemes, see documentation for what applies to the operation
    you want to access.


    **Errors**

    Uses conventional HTTP response codes to indicate success or failure. In

    general:
     
    - `2xx` status codes indicate success. Codes in the

    - `4xx` range

    indicate a client error (e.g. required parameters, failed request etc.).

    - `5xx` status codes indicate a server error occurred.
  contact:
    name: Nestcoin TechOps
    email: techops@nestcoin.com
  license:
    name: UNLICENSED
servers:
  - url: https://external.dev.onboardpay.co
    description: Gateway for external API on staging environment.
security: []
tags:
  - name: users-onboardapi
    description: Endpoints available to for merchants liquidity automation
  - name: users-users
    description: User related endpoints
  - name: users-partners
    description: Partner related endpoints
  - name: users-admin
    description: Back office related endpoints
  - name: users-user2fa
    description: User 2fa related endpoints
  - name: users-usernotifications
    description: User notifications related endpoints
  - name: users-merchantnetwork
    description: Merchant network endpoints
  - name: users-userauth
    description: Authentication endpoints
  - name: users-userservice
    description: Service endpoints
  - name: users-webhook
    description: webhook endpoints
paths:
  /auth/oauth/refresh-token:
    post:
      tags:
        - auth-oauth
      summary: Request for access token
      description: >
        Refresh access token by presenting previously acquired refresh token.
        Requires the refresh token initially acquired to be passed as
        x-auth-token in header
      operationId: refreshAccessToken
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccessTokenResponse'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessageDto'
        '401':
          description: Unauthorized request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessageDto'
        '403':
          description: Forbidden request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessageDto'
        '500':
          description: Server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessageDto'
      security:
        - authToken: []
components:
  schemas:
    AccessTokenResponse:
      properties:
        userId:
          type: string
          description: Onboard unique User ID
        accessToken:
          $ref: '#/components/schemas/Token'
        refreshToken:
          $ref: '#/components/schemas/Token'
      required:
        - userId
        - accessToken
        - refreshToken
    ErrorMessageDto:
      description: >-
        Default error object for services. This gives consistent error object
        that all services may use.
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Error code
          example: UNKNOWN_ERROR
        message:
          type: string
          description: Descriptive error message
          example: Request could not be completed due to an error
        data:
          type: object
          description: Additional data for this error message.
          additionalProperties: true
          properties: {}
      x-common-model: ErrorMessageDto
    Token:
      properties:
        token:
          type: string
          description: Token string (Request, Access, Refresh)
        expiry:
          type: string
          format: date-time
          description: Timestamp field.
      required:
        - token
        - expiry
  securitySchemes:
    authToken:
      type: apiKey
      name: x-auth-token
      in: header

````