Token Refresh

Session JWTs expire after 15 days. Use the refresh token to obtain a new session JWT without requiring the user to log in again.

Refresh Flow

Automatic Refresh Strategy

Recommended Approach

Refresh the token before it expires to prevent authentication failures:

import requests
from datetime import datetime, timedelta
import jwt
 
class ChordianClient:
    def __init__(self):
        self.token = None
        self.token_expires_at = None
        self.base_url = "https://chordian-core.chordian.ai"
    
    def should_refresh_token(self):
        """Check if token expires in next hour"""
        if not self.token_expires_at:
            return True
        
        expires_soon = datetime.now() + timedelta(hours=1)
        return datetime.now() >= expires_soon
    
    def refresh_token(self):
        """Refresh the session JWT"""
        response = requests.post(
            f"{self.base_url}/api/auth/refresh",
            # Cookies are automatically sent
        )
        
        if response.status_code == 200:
            data = response.json()
            self.token = data['token']
            
            # Decode to get expiration
            decoded = jwt.decode(
                self.token, 
                options={"verify_signature": False}
            )
            self.token_expires_at = datetime.fromtimestamp(decoded['exp'])
            
            return True
        elif response.status_code == 401:
            # Refresh token expired, need to re-login
            raise Exception("Refresh token expired, please login again")
        else:
            raise Exception(f"Refresh failed: {response.status_code}")
    
    def make_request(self, method, endpoint, **kwargs):
        """Make authenticated request with auto-refresh"""
        if self.should_refresh_token():
            self.refresh_token()
        
        headers = kwargs.get('headers', {})
        headers['Authorization'] = f'Bearer {self.token}'
        kwargs['headers'] = headers
        
        return requests.request(method, f"{self.base_url}{endpoint}", **kwargs)
 
# Usage
client = ChordianClient()
response = client.make_request('POST', '/api/workflow/start', json={
    'prompt': 'Find SaaS companies',
    'serviceId': 'srv_123'
})

class ChordianClient {
  constructor() {
    this.token = null;
    this.tokenExpiresAt = null;
    this.baseUrl = 'https://chordian-core.chordian.ai';
  }
 
  shouldRefreshToken() {
    if (!this.tokenExpiresAt) return true;
    
    const expiresIn = this.tokenExpiresAt - Date.now();
    const oneHour = 60 * 60 * 1000;
    
    return expiresIn < oneHour;
  }
 
  async refreshToken() {
    const response = await fetch(
      `${this.baseUrl}/api/auth/refresh`,
      {
        method: 'POST',
        credentials: 'include' // Send cookies
      }
    );
 
    if (response.status === 200) {
      const data = await response.json();
      this.token = data.token;
      
      // Decode JWT to get expiration
      const payload = JSON.parse(atob(this.token.split('.')[1]));
      this.tokenExpiresAt = payload.exp * 1000;
      
      return true;
    } else if (response.status === 401) {
      throw new Error('Refresh token expired, please login again');
    } else {
      throw new Error(`Refresh failed: ${response.status}`);
    }
  }
 
  async makeRequest(method, endpoint, options = {}) {
    if (this.shouldRefreshToken()) {
      await this.refreshToken();
    }
 
    const headers = {
      ...options.headers,
      'Authorization': `Bearer ${this.token}`
    };
 
    return fetch(`${this.baseUrl}${endpoint}`, {
      ...options,
      method,
      headers
    });
  }
}
 
// Usage
const client = new ChordianClient();
const response = await client.makeRequest('POST', '/api/workflow/start', {
  body: JSON.stringify({
    prompt: 'Find SaaS companies',
    serviceId: 'srv_123'
  })
});

import java.time.Instant;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
 
public class ChordianClient {
    private String token;
    private Instant tokenExpiresAt;
    private final String baseUrl = "https://chordian-core.chordian.ai";
    private final CloseableHttpClient httpClient;
 
    public ChordianClient() {
        this.httpClient = HttpClients.createDefault();
    }
 
    private boolean shouldRefreshToken() {
        if (tokenExpiresAt == null) return true;
        
        Instant oneHourFromNow = Instant.now().plusSeconds(3600);
        return tokenExpiresAt.isBefore(oneHourFromNow);
    }
 
    public void refreshToken() throws IOException {
        HttpPost request = new HttpPost(baseUrl + "/api/auth/refresh");
        
        var response = httpClient.execute(request);
        int statusCode = response.getStatusLine().getStatusCode();
        
        if (statusCode == 200) {
            String body = EntityUtils.toString(response.getEntity());
            JsonObject data = JsonParser.parseString(body).getAsJsonObject();
            this.token = data.get("token").getAsString();
            
            // Decode JWT to get expiration
            DecodedJWT jwt = JWT.decode(this.token);
            this.tokenExpiresAt = jwt.getExpiresAt().toInstant();
        } else if (statusCode == 401) {
            throw new IOException("Refresh token expired, please login again");
        } else {
            throw new IOException("Refresh failed: " + statusCode);
        }
    }
 
    public HttpResponse makeRequest(String method, String endpoint, 
                                    StringEntity body) throws IOException {
        if (shouldRefreshToken()) {
            refreshToken();
        }
 
        HttpPost request = new HttpPost(baseUrl + endpoint);
        request.setHeader("Authorization", "Bearer " + this.token);
        request.setHeader("Content-Type", "application/json");
        
        if (body != null) {
            request.setEntity(body);
        }
        
        return httpClient.execute(request);
    }
}

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
 
public class ChordianClient
{
    private string _token;
    private DateTime _tokenExpiresAt;
    private readonly string _baseUrl = "https://chordian-core.chordian.ai";
    private readonly HttpClient _httpClient;
 
    public ChordianClient()
    {
        var handler = new HttpClientHandler { UseCookies = true };
        _httpClient = new HttpClient(handler);
    }
 
    private bool ShouldRefreshToken()
    {
        if (_tokenExpiresAt == default) return true;
        
        var oneHourFromNow = DateTime.UtcNow.AddHours(1);
        return DateTime.UtcNow >= oneHourFromNow;
    }
 
    public async Task RefreshToken()
    {
        var response = await _httpClient.PostAsync(
            $"{_baseUrl}/api/auth/refresh",
            null
        );
 
        if (response.StatusCode == System.Net.HttpStatusCode.OK)
        {
            var result = await response.Content.ReadAsStringAsync();
            var data = JObject.Parse(result);
            _token = data["token"].ToString();
 
            // Decode JWT to get expiration
            var handler = new JwtSecurityTokenHandler();
            var jwt = handler.ReadJwtToken(_token);
            _tokenExpiresAt = jwt.ValidTo;
        }
        else if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
        {
            throw new Exception("Refresh token expired, please login again");
        }
        else
        {
            throw new Exception($"Refresh failed: {response.StatusCode}");
        }
    }
 
    public async Task<HttpResponseMessage> MakeRequest(
        HttpMethod method, 
        string endpoint, 
        object payload = null)
    {
        if (ShouldRefreshToken())
        {
            await RefreshToken();
        }
 
        var request = new HttpRequestMessage(method, $"{_baseUrl}{endpoint}");
        request.Headers.Add("Authorization", $"Bearer {_token}");
 
        if (payload != null)
        {
            request.Content = new StringContent(
                JsonConvert.SerializeObject(payload),
                Encoding.UTF8,
                "application/json"
            );
        }
 
        return await _httpClient.SendAsync(request);
    }
}

Manual Refresh

For simple use cases, manually refresh when needed:

curl -X POST https://chordian-core.chordian.ai/api/auth/refresh \
  -H "Cookie: refresh_token=your-refresh-token" \
  -H "Content-Type: application/json"

Response

200 OK:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 1296000
}

401 Unauthorized:

{
  "error": {
    "code": "INVALID_REFRESH_TOKEN",
    "message": "Refresh token expired or invalid",
    "status": 401
  }
}

Best Practices

💡 Tip: Refresh proactively - Don’t wait for the token to expire. Refresh 1 hour before expiration.

Store expiration time - Decode JWT and track exp claim
Implement retry logic - If refresh fails with 401, redirect to login
Handle concurrent requests - Queue requests during refresh to avoid race conditions
Secure refresh tokens - Always use httpOnly cookies

Troubleshooting

Error	Cause	Solution
400 Bad Request	No refresh token in cookie	Re-login to get new refresh token
401 Unauthorized	Refresh token expired (>30 days)	User must log in again
500 Internal Error	Server issue	Retry with exponential backoff