post https://demo-qasandbox.alloy.co/v1/oauth/refresh
Given a non-expired bearer token, return a new one that expires an hour from now.
Allows clients to keep generating fresh bearer tokens without re-sending the application token and secret.
Note that the bearer token MUST be sent in the JSON body; it CANNOT be sent as an Authorization header.