# Refresh access token

Refresh the user's access token using a valid refresh token. Requires authentication via bearer token and device fingerprint. The refresh-token header must contain the current refresh token.

Endpoint: POST /identity/refresh
Version: 1.0
Security: bearerAuth

## Header parameters:

  - `x-fingerprint-id` (string, required)
    Unique device or session fingerprint identifier used for security and fraud prevention.

  - `refresh-token` (string, required)
    Bearer token used to refresh the access token when it expires.

## Response 200 fields (application/json):

  - `statusCode` (integer)
    HTTP status code of the response.

  - `data` (object)

  - `data.newTokens` (object)
    Contains the newly issued access and refresh tokens.

  - `data.newTokens.token` (string)
    New access token to authenticate future requests.

  - `data.newTokens.refreshToken` (string)
    New refresh token to be used for subsequent token refreshes.

## Response 400 fields (application/json):

  - `message` (string)
    Invalid param: []
    Example: "Invalid param: []"

  - `error` (string)
    Bad Request
    Example: "Bad Request"

  - `statusCode` (integer)
    400
    Example: 400

## Response 401 fields (application/json):

  - `message` (string)
    Invalid field
    Example: "Unauthorized"

  - `error` (string)
    Unauthorized
    Example: "Unauthorized"

  - `statusCode` (integer)
    401
    Example: 401

## Response 403 fields (application/json):

  - `message` (string)
    Forbidden resource
    Example: "Forbidden resource"

  - `error` (string)
    Forbidden
    Example: "Forbidden"

  - `statusCode` (integer)
    403
    Example: 403

## Response 500 fields (application/json):

  - `message` (string)
    Internal server error
    Example: "Internal server error"

  - `error` (string)
    Internal Server Error
    Example: "Internal Server Error"

  - `statusCode` (integer)
    500
    Example: 500