Skip to main content
POST
/
api
/
v3
/
admin
/
auth
/
refresh
Spree Admin SDK
import { createAdminClient } from '@spree/admin-sdk'

const client = createAdminClient({
  baseUrl: 'https://your-store.com',
  secretKey: 'sk_xxx',
})

// Driven entirely by the HttpOnly refresh-token cookie + CSRF header (set by the SDK).
const auth = await client.auth.refresh()
spree api post /auth/refresh
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJhZG1pbiIsImp0aSI6IjZlMWIyMjEzLTgxNzctNDcyYS04ZjdhLTU2NWEzYjg4ZDA5MiIsImlzcyI6InNwcmVlIiwiYXVkIjoiYWRtaW5fYXBpIiwiZXhwIjoxNzgzNDUyNDU2fQ.rKN0a9uBtgpnEhxcgg5kswkSSNv-r9O9QvFNAIT8K6o",
  "user": {
    "id": "admin_UkLWZg9DAJ",
    "email": "admin@example.com",
    "first_name": "Verdie",
    "last_name": "Schmitt",
    "full_name": "Verdie Schmitt",
    "selected_locale": null,
    "created_at": "2026-07-07T19:22:36.867Z",
    "updated_at": "2026-07-07T19:22:36.867Z",
    "avatar_url": null,
    "roles": [
      {
        "id": "role_UkLWZg9DAJ",
        "name": "admin"
      }
    ]
  }
}
{
  "error": {
    "code": "invalid_refresh_token",
    "message": "Refresh token cookie missing"
  }
}

Authorizations

x-spree-api-key
string
header
required

Secret API key for admin access

Headers

x-spree-api-key
string
required

Response

refresh successful

token
string
required

JWT access token

user
object
required