---
title: "JSON Web Token"
slug: "json-web-token"
description: "Follow these steps to implement authentication with a refreshable token:"
tags: ["Access Token", "JWT Authentication", "Refresh Token"]
updated: 2026-02-26T14:57:54Z
published: 2026-02-26T14:57:54Z
canonical: "knowledge.navvis.com/json-web-token"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://knowledge.navvis.com/llms.txt
> Use this file to discover all available pages before exploring further.

# JSON Web Token

Follow these steps to implement authentication with a refreshable token:

1. Login using the `/api/auth/mandate/request` or the `/api/auth/generate_tokens` endpoint. An access token and a refresh token will be returned.
2. The two tokens need to be stored for future use.
3. Any authenticated request will require the access token to be present in the HTTP header.
4. When the access token is about to expire, the refresh token can be used to obtain a new access token, using the `/api/auth/refresh_access_token` endpoint.
5. If the JWT is **refreshable**, go to step 3 until the refresh token is about to expire. A new refresh token can be obtained using the previously obtained refresh token (which is about to expire) by using `/api/auth/update_refresh_token` endpoint.
6. If the JWT is **non-refreshable**, a new login needs to be performed again to start over. Return to step 1.