> ## Documentation Index
> Fetch the complete documentation index at: https://gcore.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh token

> Use this request to refresh your access token.

If your refresh token is invalid, expired or blacklisted you should
[authenticate](POST /auth/jwt/login) to obtain valid refresh token and try again.

**Token Expiration**

The access token will expire in an hour, the refresh token — in 24 hours.



## OpenAPI

````yaml /api-reference/services_documented/iam_api.yaml post /iam/auth/jwt/refresh
openapi: 3.1.0
info:
  title: Gcore OpenAPI – IAM API
  description: >-
    This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore
    products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS
    Protection, Object Storage, Streaming, and FastEdge services.
  version: '2026-05-14T07:00:22.640261+00:00'
servers:
  - url: https://api.gcore.com
security:
  - APIKey: []
tags:
  - name: Account
    description: >-
      Account management operations including authentication, password
      management, and account details.
    x-displayName: Account
  - name: API Tokens
    description: >-
      Use permanent API tokens for regular automated requests to services.

      You can either set its validity period when creating it or issue a token
      for an unlimited time.

      Please address the API documentation of the specific product in order to
      check if it supports API tokens.


      Newer endpoints under `/v2/…` issue tokens using `_` (underscore) as the
      separator

      (for example `42_a1b2c3d4e5f6...`) and are the recommended way to create
      new tokens.

      Legacy endpoints that issue `$`-separated tokens are marked deprecated and
      will be removed

      on **2026-07-17**; tokens that were already issued keep authenticating.


      Provide your APIKey in the Authorization header.


      Example: ```curl -H "Authorization: APIKey 42_a1b2c3d4e5f6..."
      https://api.gcore.com/iam/users/me```


      Please note: When authorizing via SAML SSO, our system does not have any

      information about permissions given to the user by the identity provider.

      Even if the provider revokes the user's access rights, their tokens remain
      active.

      Therefore, if necessary, the token will need to be deleted manually.
    x-displayName: API Tokens
  - name: Users
    x-displayName: Users
paths:
  /iam/auth/jwt/refresh:
    post:
      tags:
        - Account
      summary: Refresh token
      description: >-
        Use this request to refresh your access token.


        If your refresh token is invalid, expired or blacklisted you should

        [authenticate](POST /auth/jwt/login) to obtain valid refresh token and
        try again.


        **Token Expiration**


        The access token will expire in an hour, the refresh token — in 24
        hours.
      operationId: iamRefreshToken
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RefreshRequest'
      responses:
        '200':
          description: OK.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'
        '400':
          description: Token refreshing failed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RefreshTokenError'
        '401':
          description: >-
            Refresh token is invalid, expired or blacklisted.

            Refresh token is blacklisted if it was already used for refreshing
            token.
      security: []
components:
  schemas:
    RefreshRequest:
      type: object
      required:
        - refresh
      properties:
        refresh:
          $ref: '#/components/schemas/RefreshToken'
    Token:
      type: object
      required:
        - refresh
        - access
      properties:
        refresh:
          $ref: '#/components/schemas/RefreshToken'
        access:
          $ref: '#/components/schemas/AccessToken'
    RefreshTokenError:
      oneOf:
        - allOf:
            - $ref: '#/components/schemas/ValidationError'
            - example:
                errors:
                  refresh:
                    - This field is required.
    RefreshToken:
      type: string
      description: |-
        Use this token to refresh the access token via
        [`/auth/jwt/refresh`](POST /auth/jwt/refresh) method.
      example: >-
        eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYwMTcwNzA5MiwianRpIjoiMGFmOGU3NTMzYWEyNDM0YmI4M2NmMjA1ZWM2NTMwZjQiLCJ1c2VyX2lkIjo1LCJ1c2VyX3R5cGUiOiJjb21tb24iLCJ1c2VyX2dyb3VwcyI6WyJBZG1pbmlzdHJhdG9ycyJdLCJjbGllbnRfaWQiOjIsImVtYWlsIjoidGVzdHVzZXJAZXhhbXBsZS5jb20iLCJ1c2VybmFtZSI6InRlc3R1c2VyQGV4YW1wbGUuY29tIiwic3NvX2VudGl0eSI6bnVsbCwiaXNfYWRtaW4iOmZhbHNlLCJjbGllbnRfbmFtZSI6IlRlc3QgQ29tcGFueSIsImV4Y2hhbmdlYWJsZSI6dHJ1ZX0.C-RuHDWLpu1bd0_SoZgbkqSqA65egSBigKikeEKXkdK-PRVx4ZUIMdkJd-L4ebeydDHgeq3AwXbDBSqPuXZMTKTFKe1HTvpLycTNkTKa-dp9nTq0VwfUlf3G7QajEJA1UiQ7IhSDZJK5NBkEzs_-PFtPOQjeE2u2AbKKJ_SK3hNi1BVU3uVjfWsMVwGDkVnPIa0aLtYDTYd2QKN5InBGh06XITFD_P_IETfwhw7yG4PvLWGejGQO9jJx1ViFYCQi-O8vLR9-mjwaD8Ngc5O8v3mnzRkkxeWoukSW1p8eWiGf7QaLg-zSI6pNFO3_LO-ILHcJ394GJzW2rSpaAgvxwRHDIulDxJtAbqyxykLgnDSHUZbKq8mgQqkeshbmQ-BUT_nkYj1LcQisNTGp4QsDRdi095QQIXLntJiGC59BxpZQ5y3j67AZHG9qiVuHQSlHBaQKBAFdA_d7CRqV7TzsT4p3cHVXF_VccBM06pItkYYY5Xj0bQPU6qWf26bONnYh1FHOlaejw2mGc_FsPpi0soGUh-1v_Qs6C4N086VJ5uYSHw_M3MNcGBjAahnUdrKNX_8gmbTDwYNw7h1ELPYfBAFeQJrdTOOQPfUHzkt9g67DHdxRDHMQxz933Wxmfl_5fiHWoWE82n5ZA110BZB9JQoP7Tqtg4qIZoE1M6Knh14
    AccessToken:
      type: string
      description: Use this token to access API.
      example: >-
        eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjAxNjI0MjkyLCJqdGkiOiI0Mjk1ZjZhMjI4ZTE0MmE3YjA1ZmIxYjE5MjlhZjZlYyIsInVzZXJfaWQiOjUsInVzZXJfdHlwZSI6ImNvbW1vbiIsInVzZXJfZ3JvdXBzIjpbIkFkbWluaXN0cmF0b3JzIl0sImNsaWVudF9pZCI6MiwiZW1haWwiOiJ0ZXN0dXNlckBleGFtcGxlLmNvbSIsInVzZXJuYW1lIjoidGVzdHVzZXJAZXhhbXBsZS5jb20iLCJzc29fZW50aXR5IjpudWxsLCJpc19hZG1pbiI6ZmFsc2UsImNsaWVudF9uYW1lIjoiVGVzdCBDb21wYW55IiwiZXhjaGFuZ2VhYmxlIjp0cnVlLCJyanRpIjoiMGFmOGU3NTMzYWEyNDM0YmI4M2NmMjA1ZWM2NTMwZjQifQ.aJjVE3_mC8fimclIPggD0ynh0EIwO8kCEffhFN4CxbaDBGz4R2Xn2mJQqhsRB2YoDCx_oH3uLii6aM_6OQtc2DbIElfN1KHoQmzzEjxKKXlgTOF_gsq9dVwQ9hajeOsQu5ly1rMk41WW1LrQ6Nkb_v6LC8g57Ah4h2pGot44h87BDsG6uUyMFVV3ZTJjkVNWJxceljFeDPO5rhx-ujtkX5iYwAeVh6HAq3I4Sw7OO5LZHF9pnhNBJVRNu8HlBNyk5UVB7uyStc9vjAnjGJyqc4yWL3QVTz7BMtvXX19W6sypl_YQiYzz5dsOiL4dzsI5RERBVt9DtOytSqDNigF_WTVUn0VsmXEK1oDGb8I2AWuAmiKYxizKY2JEOHoUz7B1L87fiPg5fNlv3QDrFJhuy1M6A-72jL1-N4tCGhUCQubvZEv90JshAhc6A5W88ghtjS_W80xt63gpvK81vE9b3coutIBnh-yvzEwTvudm3YKTnRrNBxRT01tdiJVEKoJ1poST0BxzxtGAvW_JgASTcOqQcFR6-Rr5smDSOki_mKVqODbRgcAj7CeNOvrwDZqC2XlQkTLvlo6msNvyVQH8vugRzPsbZK7F3pCvOEB5ub2WY6a1ui7lm-mAVyAs1VbzCHEnLu5GiXmyNE-mlNXQlAS1xz5P751rANnwODJJFz0
    ValidationError:
      title: Validation error
      type: object
      properties:
        errors:
          type: object
          description: This object contains error descriptions per field from your request.
          additionalProperties:
            type: array
            description: Error list for specific field.
            items:
              type: string
              description: Error description
  securitySchemes:
    APIKey:
      description: >-
        API key for authentication. Make sure to include the word `apikey`,
        followed by a single space and then your token.

        Example: `apikey 1234$abcdef`
      type: apiKey
      in: header
      name: Authorization

````