Skip to main content
POST
/
api
/
v3
/
admin
/
auth
/
refresh
Spree Admin SDK
import { createAdminClient } from '@spree/admin-sdk'

const client = createAdminClient({
  baseUrl: 'https://your-store.com',
  secretKey: 'sk_xxx',
})

// Driven entirely by the HttpOnly refresh-token cookie + CSRF header (set by the SDK).
const auth = await client.auth.refresh()
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJhZG1pbiIsImp0aSI6ImNiOGQ2OWI5LWQzNzMtNDFkYy1iZWRhLWZmMjk2MDQ1MGQ5MiIsImlzcyI6InNwcmVlIiwiYXVkIjoiYWRtaW5fYXBpIiwiZXhwIjoxNzgwNjY1NDAzfQ.Y008gMr0LiwTlG-IYbvK9jrpa33-dRJ95ZvYHguEG20",
  "user": {
    "id": "admin_UkLWZg9DAJ",
    "email": "admin@example.com",
    "first_name": "Grayce",
    "last_name": "Muller",
    "full_name": "Grayce Muller",
    "created_at": "2026-06-05T13:11:43.008Z",
    "updated_at": "2026-06-05T13:11:43.008Z",
    "roles": [
      {
        "id": "role_UkLWZg9DAJ",
        "name": "admin"
      }
    ]
  }
}

Authorizations

x-spree-api-key
string
header
required

Secret API key for admin access

Headers

x-spree-api-key
string
required

Response

refresh successful

token
string
required

JWT access token

user
object
required