
Authentication and Authorization Mechanisms

1. Login and Validation

  • Login:
    A user provides their email and password. Upon successful login, the server responds with an access token (a JWT, or a token obtained through an OAuth flow), which the client sends with every subsequent API request.

  • Validation:
    The system verifies the submitted password against the stored credential record for that email (a salted password hash, never the password itself) and responds either with a success message and token or with an error if the credentials are incorrect. The error response should not indicate whether the email or the password was the part that failed.

2. Token Granting and Authentication (OAuth, JWT, etc.)

Authentication is based either on JWTs (JSON Web Tokens) issued by the system itself or on tokens obtained through an OAuth flow with a third-party provider:

  • JWT:
    Upon successful login, the system returns a JWT that serves as proof of authentication. The token is sent with each subsequent API call in the Authorization header as:
    Bearer {token}
    Before trusting any claim in the token, the server verifies its signature with the expected algorithm and key and checks that it has not expired (the exp claim).

  • OAuth:
    If OAuth authentication is used, the system supports third-party OAuth providers such as Google, Facebook, etc. The user authenticates with the provider's credentials; once the provider has confirmed the user's identity, a token for this API is issued and used to authenticate API calls. A provider's own access token grants access to that provider's APIs and must not be accepted as proof of identity here without verification.

3. Handling Logout and Session Issues

  • Logout:
    To log out, users send a POST request to the logout endpoint with their current token, which invalidates the current session and revokes the access token. Note that a signed JWT remains cryptographically valid until it expires, so revocation only takes effect if the server records revoked tokens (for example by their jti claim) and checks that list on every request, or keeps token lifetimes short enough that revocation is unnecessary.

  • Session Issues:
    Session-related issues, such as an expired, revoked or malformed token, result in a 401 Unauthorized response. A 401 means authentication is missing or failed; a valid token that lacks permission for the requested resource should receive 403 Forbidden instead.
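The following Python is an added worked example, not code from the original page or from the service it documents. It models the whole flow above as one piece: credential validation against a stored password hash (section 1), issuing a JWT and verifying the `Bearer {token}` header (section 2), and logout by revocation plus the 401 responses for expired, revoked or tampered tokens (section 3). The HS256 signing key, the user record, the `jti`-based denylist and the function names are all assumptions introduced here; the page does not specify them.

```python
"""Added example (not the page's own code): a minimal token service covering
login, Bearer-token verification and logout/revocation.

Assumptions not stated by the page: HS256-signed JWTs, a per-token "jti"
claim so single tokens can be revoked, a constructed in-memory user store
and a constructed signing key. Standard library only.
"""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

SECRET_KEY = b"constructed-demo-signing-key"   # assumption: HS256 shared secret


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user: only a salted hash is stored, never the password.
_SALT = os.urandom(16)
USERS = {"alice@example.com": {"salt": _SALT, "hash": _pbkdf2("correct horse", _SALT)}}

REVOKED_JTIS = set()   # denylist of logged-out tokens, consulted on every request


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_jwt(sub: str, ttl_seconds: int = 900, now=None) -> str:
    """Build and sign an HS256 JWT with sub, iat, exp and a random jti."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iat": now, "exp": now + ttl_seconds,
               "jti": secrets.token_urlsafe(16)}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def login(email: str, password: str):
    """Section 1: validate credentials; return (200, token body) or (401, error)."""
    user = USERS.get(email)
    # Always run the hash and a constant-time compare, even for unknown users,
    # so response timing does not reveal which e-mail addresses exist.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else b"\x00" * 32
    ok = hmac.compare_digest(_pbkdf2(password, salt), expected) and user is not None
    if not ok:
        return 401, {"error": "invalid credentials"}   # same message for bad email or password
    return 200, {"access_token": issue_jwt(email), "token_type": "Bearer"}


def authenticate(authorization_header, now=None):
    """Sections 2/3: verify 'Bearer {token}'; return (200, claims) or (401, error)."""
    now = time.time() if now is None else now
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    parts = authorization_header[len("Bearer "):].strip().split(".")
    if len(parts) != 3:
        return 401, {"error": "malformed token"}
    try:
        header = json.loads(_b64url_decode(parts[0]))
        sig = _b64url_decode(parts[2])
        # Pin the algorithm: never let the token choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return 401, {"error": "unsupported alg"}
        expected = hmac.new(SECRET_KEY, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return 401, {"error": "bad signature"}   # covers any tampering of header or payload
        claims = json.loads(_b64url_decode(parts[1]))
        if not isinstance(claims, dict):
            return 401, {"error": "malformed token"}
    except ValueError:   # bad base64, bad UTF-8 or bad JSON all end here
        return 401, {"error": "malformed token"}
    if claims.get("exp", 0) <= now:
        return 401, {"error": "token expired"}
    if claims.get("jti") in REVOKED_JTIS:
        return 401, {"error": "token revoked"}
    return 200, claims


def logout(authorization_header):
    """POST /logout: revoke the presented token by denylisting its jti."""
    status, result = authenticate(authorization_header)
    if status != 200:
        return status, result
    REVOKED_JTIS.add(result["jti"])
    return 200, {"message": "logged out"}
```

The denylist is what makes the logout in section 3 actually take effect: without it, `authenticate` would keep accepting a logged-out JWT until `exp` passes. In a real deployment the set would live in shared storage and entries could be dropped once the token they refer to has expired.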