/auth/session/refresh
endpoint. This endpoint takes the refresh token and issues a new access token valid for another hour alongside a new refresh token.
Authorization
header like below. Also don’t forget to set either the 'st-auth-mode': 'header'
or 'fg-auth-mode': 'body'
header which will control if the new access token and refresh token are sent back to you within the header or body of the response.
message: "token theft detected"
as a response that means you tried calling the Refresh Endpoint with an old Refresh Token for which there has already been issued a new Access Token and Refresh Token pair.