Authentication

We use JWT for the authentication of the API.

Log In

To obtain a token you need to send a request to /v1/login

Request

POST /v1/login HTTP/1.1
Content-Type: application/json

{
  "email": "<email_here>",
  "password": "<password_here>"
}

Response

{
    "success": true,
    "data": {
        "type": "token",
        "access_token": "<token_goes_here>",
        "expires_in": 3600
    }
}

The token must be supplied in any requests to the API in the Authorization header like so

Authorisation: Bearer <token_goes_here>

Errors

If the supplied credentials are incorrect the following error response will be returned:

{
    "message": "'Invalid credentials"
}

Refresh the Token

Sending a authorised request to the /v1/token endpoint will blacklist the token and return a new token with updated iat (issued at) and nbf (not before) values, extending the length of time a user can remain logged in.

The response will be as follows:

{
    "success": true,
    "data": {
        "type": "refresh_token",
        "access_token": "<token_goes_here>",
        "token_type": "Bearer",
        "expires_in": 3600
    }
}

Log Out

Sending an authenticated request to the /v1/logout endpoint will blacklist the supplied token.