Authentication

How to authenticate your API calls.

Vitruvi currently supports 3 different auth methods.

1. JSON Web Token (JWT)

Whenever possible, clients of the Vitruvi APIs should authenticate with JWT tokens. The token is passed on each request in the Authorization header, prefixed with JWT:
Authorization: JWT <Token>

Obtaining a new JWT token

To retrieve a new JWT token, the client needs to send a POST with email and password to:

/auth/token/obtain

The response contains the token along with user information.

Refresh Token

To refresh the JWT token, the client needs to send a POST with the refresh token to:

/auth/token/refresh

The response contains an updated token if the token provided is still within the refresh window.
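
The obtain and refresh flow above, as an added Python example (not Vitruvi's own code): it requests a token once, renews it shortly before expiry, and logs in again when the refresh is rejected. Assumptions: the placeholder BASE_URL, the JSON field names "token" and "refresh", an exp claim in the token, the 60-second margin, and the names JwtSession, jwt_exp and http_post are all hypothetical.

```python
import base64, json, time
import urllib.error, urllib.request

BASE_URL = "https://vitruvi.example.invalid"  # placeholder host (assumption)

def jwt_exp(token):
    """Read the exp claim from the JWT payload, unverified (used for scheduling only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp", 0)

def http_post(path, body):
    """POST a JSON body over HTTPS and return the decoded JSON reply."""
    req = urllib.request.Request(
        BASE_URL + path, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class JwtSession:
    """Holds the current token and renews it before it expires."""
    def __init__(self, email, password, post=http_post, skew=60, clock=time.time):
        self.email, self.password = email, password
        self.post, self.skew, self.clock = post, skew, clock
        self.token = self.refresh_token = None

    def _store(self, reply):
        # Assumed response fields: "token" and, on obtain, "refresh".
        self.token = reply["token"]
        self.refresh_token = reply.get("refresh", self.refresh_token)

    def _obtain(self):
        self._store(self.post("/auth/token/obtain",
                              {"email": self.email, "password": self.password}))

    def auth_header(self):
        """Return the Authorization header, renewing the token when close to expiry."""
        if self.token is None:
            self._obtain()
        elif jwt_exp(self.token) - self.clock() < self.skew:
            try:
                self._store(self.post("/auth/token/refresh",
                                      {"refresh": self.refresh_token}))
            except urllib.error.HTTPError:
                # Refresh rejected, e.g. outside the refresh window: log in again.
                self._obtain()
        return {"Authorization": "JWT " + self.token}
```

Pass the returned dictionary as the headers of each API request; the password is only sent when no token exists or the refresh fails.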

2. Access Token

Access tokens are encrypted tokens that the support team creates for special use cases. They don't expire unless the support team revokes them.
They are useful for service integrations that cannot obtain a new token for each session. They are passed on each request in the Authorization header, prefixed with Bearer:
Authorization: Bearer <Token>

3. Basic Authentication

Although it is not recommended for API usage, all APIs support basic authentication using email and password. This is particularly useful for integrations where tokens are not supported.