# Token refresh response object

div
strong
🔨 In Development
 — This section is still being developed and may change.


Describes the payload returned when refreshing a session using the Freddy authentication API.

## Fields

- **`access_token`** string — Newly issued JWT access token.
- **`refresh_token`** string — Replacement refresh token. Store securely.
- **`token_type`** string — Always `"bearer"`.
- **`expires_in`** integer — Seconds until the access token expires (typically 3600).
- **`device_id`** string or null — Device identifier associated with the session.
- **`user`** object — Minimal user profile information.


## Example


```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600,
  "device_id": "device-456",
  "user": {
    "id": "usr_def789ghi012",
    "email": "user@example.com"
  }
}
```

## Related resources

- [Refresh token](/docs/api-reference/authentication/login/refresh)
- [Logout](/docs/api-reference/authentication/login/logout)
- [Logout response object](/docs/api-reference/authentication/objects/logout-response-object)