Dashboard session only. Exchange a refresh token for a new short-lived access token (Bearer JWT) via Supabase. Use this when you are acting as a logged-in dashboard user—not for machine integrations.

For OAuth2 client credentials (server-to-server, no refresh token), use POST /v3/oauth/token instead.

Refresh tokens typically come from the Supabase session after sign-in. Owners may also call POST /v3/auth/generateRefreshToken (authenticated) to mint a long-lived refresh token for integrations. Access tokens expire in about one hour.

Headers: Content-Type: application/json