Identity
Refresh Token
Refresh an expired MCP Identity Token
POST
Refresh Token
Refresh an expired MCP Identity Token (MIT) using a refresh token.Request
Headers
Your MCP Rank API key
Body Parameters
The refresh token from the original token response
Response
New MCP Identity Token (JWT)
New refresh token (old one is invalidated)
Seconds until the new access token expires (typically 3600)
Always
BearerToken Rotation Security
MCP Identity implements refresh token rotation for security:- Each refresh token can only be used once
- Using a refresh token returns a new refresh token
- The old refresh token is immediately invalidated
- If a refresh token is reused (potential attack), all user tokens may be revoked
Error Responses
Error Response