# API02008: Refresh Token Invalid

## What This Means[​](#what-this-means "Direct link to What This Means")

The refresh token stored by the POS is not recognized by the server. Refresh tokens are used to obtain new access tokens without requiring you to log in again.

## Common Causes[​](#common-causes "Direct link to Common Causes")

* **Token revoked** — An administrator invalidated your session
* **Server secrets changed** — WordPress security keys were updated
* **Data corruption** — The token was corrupted in storage
* **Multiple logins** — Logging in elsewhere may have invalidated this token

## How to Fix[​](#how-to-fix "Direct link to How to Fix")

### 1. Log In Again[​](#1-log-in-again "Direct link to 1. Log In Again")

Since the refresh token is invalid, you'll need to authenticate again:

1. Log out of the POS
2. Enter your username and password
3. This generates new valid tokens

### 2. Check for Revoked Sessions[​](#2-check-for-revoked-sessions "Direct link to 2. Check for Revoked Sessions")

If an admin revoked sessions:

* This is normal security practice
* Simply log in again
* Your new session will work normally

### 3. Check Server Changes[​](#3-check-server-changes "Direct link to 3. Check Server Changes")

If this affects all users:

* WordPress salts/keys may have changed
* JWT plugin settings may have been modified
* Contact your server administrator

### 4. Clear Stored Data[​](#4-clear-stored-data "Direct link to 4. Clear Stored Data")

If you continue having issues:

* Clear the POS application data
* Remove cached credentials
* Start with a clean login

## Related Errors[​](#related-errors "Direct link to Related Errors")

* [API02003](/error-codes/API02003.md) — Token Invalid
* [API02007](/error-codes/API02007.md) — Token Refresh Failed