POST /api/v1/auth/validate-token

Checks whether the current session is valid. The endpoint first tries to verify the access token. If that fails, it attempts to use the refresh token to issue new tokens. Use this endpoint to silently refresh sessions without requiring the user to log in again.

Request

No request body is required.

Headers

Authorization
string
Bearer token for authentication. Format: Bearer <accessToken>. Optional — the access token can also be supplied via the accessToken cookie.

Cookies

accessToken
string
The access token cookie set after login. Used as a fallback if the Authorization header is not provided.
refreshToken
string
The refresh token cookie set after login. Used to issue new tokens if the access token is invalid or expired.

Token resolution order

  1. Access token from Authorization: Bearer <token> header.
  2. Access token from the accessToken cookie.
  3. If the access token is missing or invalid, the refreshToken cookie is used to issue new tokens.
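The resolution order above, written out as an added sketch (not the project's own code) that returns the response messages and the 401 code this page documents. `verifyAccess`, `rotateRefresh`, the `source` field and the cookie attributes are assumptions, and the sketch reads "fallback if the Authorization header is not provided" literally: an invalid header token goes straight to the refresh step rather than to the accessToken cookie.

```javascript
// Added sketch: verifyAccess and rotateRefresh are hypothetical callbacks that
// stand in for the service's real token checks; they return null on failure.
const REFRESH_MAX_AGE = 7 * 24 * 60 * 60; // refresh cookie lifetime on this page: 7 days

function parseCookies(header = "") {
  const jar = {};
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

function bearerToken(header = "") {
  // Only "Bearer <token>" counts; any other shape is treated as not provided (assumption).
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/i.exec(header.trim());
  return m ? m[1] : null;
}

function resolveSession(headers, verifyAccess, rotateRefresh) {
  const cookies = parseCookies(headers.cookie);
  // Steps 1 and 2: header token first; the accessToken cookie only when no header token.
  const fromHeader = bearerToken(headers.authorization);
  const access = fromHeader || cookies.accessToken || null;
  const user = access ? verifyAccess(access) : null;
  if (user) {
    return { status: 200, message: "Token is valid", tokenRefreshed: false,
             source: fromHeader ? "header" : "cookie", user, setCookies: [] };
  }
  // Step 3: access token missing or invalid, so fall back to the refreshToken cookie.
  const rotated = cookies.refreshToken ? rotateRefresh(cookies.refreshToken) : null;
  if (!rotated) return { status: 401, code: "UNAUTHORIZED", setCookies: [] };
  // Cookie attributes below are assumed hardening, not settings documented on this page.
  const attrs = "Path=/; HttpOnly; Secure; SameSite=Strict";
  return { status: 200, message: "Token refreshed successfully", tokenRefreshed: true,
           source: "refresh", user: rotated.user, setCookies: [
             `accessToken=${rotated.accessToken}; ${attrs}`,
             `refreshToken=${rotated.refreshToken}; Max-Age=${REFRESH_MAX_AGE}; ${attrs}`] };
}

// Constructed input: an expired access cookie plus a still-valid refresh cookie.
const verify = (t) => (t === "good.jwt.value" ? { id: "u1" } : null);
const rotate = (r) => (r === "r1"
  ? { user: { id: "u1" }, accessToken: "good.jwt.value", refreshToken: "r2" } : null);
const demo = resolveSession(
  { cookie: "accessToken=expired.jwt.value; refreshToken=r1" }, verify, rotate);
console.log(demo.message, demo.setCookies);
```
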

Response

success
boolean
Whether the request succeeded.
message
string
Either "Token is valid" or "Token refreshed successfully".
data
object

Cookies updated on refresh

If the access token was expired and a refresh occurred, both cookies are updated:
| Cookie | Description |
| --- | --- |
| accessToken | New short-lived JWT. |
| refreshToken | New long-lived refresh token. Expires after 7 days. |

Examples

# With Authorization header
curl --request POST \
  --url https://your-api.example.com/api/v1/auth/validate-token \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'

# With cookies only
curl --request POST \
  --url https://your-api.example.com/api/v1/auth/validate-token \
  --cookie 'accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...; refreshToken=v1.MRjY...'

Success response — valid token (200)

{
  "success": true,
  "message": "Token is valid",
  "data": {
    "user": {
      "id": "b3e1c2d4-...",
      "email": "user@example.com",
      "emailVerified": true,
      "provider": "email",
      "createdAt": "2024-01-15T10:30:00.000Z",
      "updatedAt": "2024-01-15T10:30:00.000Z"
    },
    "tokenRefreshed": false
  }
}

Success response — token refreshed (200)

{
  "success": true,
  "message": "Token refreshed successfully",
  "data": {
    "user": {
      "id": "b3e1c2d4-...",
      "email": "user@example.com",
      "emailVerified": true,
      "provider": "email",
      "createdAt": "2024-01-15T10:30:00.000Z",
      "updatedAt": "2024-01-15T10:30:00.000Z"
    },
    "tokenRefreshed": true
  }
}

Errors

| HTTP status | Code | Description |
| --- | --- | --- |
| 401 | UNAUTHORIZED | No tokens were provided, or both the access token and refresh token are invalid or expired. The user must log in again. |
| 500 | INTERNAL_ERROR | An unexpected error occurred during token validation. |
