Skip to main content
POST
/
ai_agent
/
refresh_token
Get New Access Token from Refresh Token
curl --request POST \
  --url https://vevdoh3hve.execute-api.us-east-1.amazonaws.com/prod/ai_agent/refresh_token \
  --header 'Content-Type: application/json' \
  --data '
{
  "user_id": "user123",
  "chatbot_id": "8a1e3f18-991b-4a2e-9973-f53e7fc94ff1",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
'
{
  "data": {
    "access_token": "<string>",
    "expires_at": 1753454477000
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.chatzy.ai/llms.txt

Use this file to discover all available pages before exploring further.

Generate a new short-lived access_token using a valid refresh_token previously issued.
⚠️ Important: This endpoint must be called from your server. Never expose refresh_token or any sensitive token logic to the frontend or the iframe.
When the access_token passed in the iframe query params expires, the Chatzy AI iframe will send a postMessage event to the parent window with following JSON payload: 
{
    type: "[TOKEN_REFRESH]"
    reason: "TokenExpiredError"
}
Your client application (the host of the iframe) must listen for this postMessage event, and call this /ai_agent/refresh_token API from your server to get a new access_token using the stored refresh_token. Once you get the new token, respond back to the iframe with following JSON payload: 
{
  "type": "[TOKEN_REFRESH_RESPONSE]",
  "access_token": "<NEW_ACCESS_TOKEN>"
}
The Chatzy AI iframe will update the token internally and continue to make secure API calls using the new token.
⚠️ Do not send refresh_token to the iframe or store it in localStorage/cookies on the client. Chatzy AI iframe only needs access_token to make authorized API calls.

Body

application/json
user_id
string
required

Client's customer ID

Example:

"user123"

chatbot_id
string<uuid>
required
Example:

"8a1e3f18-991b-4a2e-9973-f53e7fc94ff1"

refresh_token
string
required

Valid refresh token issued during initial access token generation

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Response

200 - application/json

New access token issued successfully

data
object