> ## Documentation Index
> Fetch the complete documentation index at: https://agents.laso.finance/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh an ID token

> Exchange a refresh token for a new ID token. This is a free endpoint — no x402 payment required. Uses the standard OAuth2 `grant_type=refresh_token` pattern.



## OpenAPI

````yaml /api-reference/openapi.json post /auth
openapi: 3.1.0
info:
  title: Laso Finance x402 API
  version: 1.0.0
  description: >-
    Payment-gated API for Laso Finance. All paywalled routes use the x402
    protocol — the caller includes a USDC payment header on Base (eip155:8453)
    or Solana (solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp) and the server verifies
    payment before processing. Free routes require no payment header.


    ## Getting started


    To set up a wallet for making x402 payments, choose a provider:


    - **Locus** (default): https://paywithlocus.com/SKILL.md

    - **Sponge**: https://wallet.paysponge.com/skill.md — automatic x402 service
    discovery

    - **Ampersend**: https://www.ampersend.ai/getting-started.md — self-custody
    on Base with dual-approval spending limits. Laso Finance is a default skill,
    so no manual endpoint registration is needed.


    ## How x402 works


    1. Call a paywalled endpoint without a payment header → receive a `402
    Payment Required` response containing payment details (price, recipient
    address, network).

    2. Construct an x402 payment header using the details from the 402 response.

    3. Replay the request with the payment header → the server verifies payment
    and processes the request.


    ## Authentication flow


    `GET /auth` is free: callers prove wallet ownership by sending a
    `SIGN-IN-WITH-X` header (CAIP-122 wallet signature). Paywalled routes
    (`/get-card`, `/order-gift-card`, `/get-push-to-card`, `/order-intl-card`)
    also return fresh auth credentials in their responses, so a payment is never
    required just to obtain a token.


    Most routes return auth credentials (`id_token`, `refresh_token`,
    `expires_in`). Use the `id_token` as a Bearer token to call authenticated
    Laso Finance endpoints like `/get-card-data`. When the `id_token` expires,
    use `POST /auth` with `grant_type: refresh_token` to get a new one.


    ## Important notes


    The `/get-card` USA prepaid card endpoint is U.S. only — issued in USD,
    usable at U.S.-based merchants only, and physical goods must ship to a U.S.
    address. For non-U.S. merchants or non-USD currencies, use `GET
    /order-intl-card` instead (international prepaid card, admin-fulfilled
    within 24 hours). All cards are intended for the caller's own use.


    For step-by-step instructions, read https://laso.finance/SKILL.md
servers:
  - url: https://laso.finance
    description: Production
security: []
paths:
  /auth:
    post:
      summary: Refresh an ID token
      description: >-
        Exchange a refresh token for a new ID token. This is a free endpoint —
        no x402 payment required. Uses the standard OAuth2
        `grant_type=refresh_token` pattern.
      operationId: refreshToken
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - grant_type
                - refresh_token
              properties:
                grant_type:
                  type: string
                  enum:
                    - refresh_token
                  description: Must be "refresh_token"
                refresh_token:
                  type: string
                  description: >-
                    The refresh token received from a previous /auth or
                    /get-card call
      responses:
        '200':
          description: Refreshed auth credentials and user ID
          content:
            application/json:
              schema:
                type: object
                properties:
                  id_token:
                    type: string
                    description: New ID token — use as Bearer token for Laso Finance APIs
                  refresh_token:
                    type: string
                    description: New refresh token — use for the next refresh
                  expires_in:
                    type: string
                    description: Token lifetime in seconds
                  user_id:
                    type: string
                    description: The user's ID (lowercase wallet address)
        '400':
          description: Invalid or missing grant_type or refresh_token
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error: >-
                  Invalid or missing grant_type. Must be "refresh_token" for
                  POST /auth.
        '401':
          description: Token is invalid or revoked
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error: Failed to refresh token. Token may be invalid or revoked.
components:
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string

````