Authentication Guide
The Public API uses JWT (JSON Web Token) based authentication.
Obtaining Access Tokens
Request
POST /{tenantId}/authentication/token
Content-Type: application/json

{
  "clientId": "your-client-id",
  "clientSecret": "your-client-secret"
}
Response
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600,
  "tokenType": "Bearer"
}
Using Access Tokens
Include the token in the Authorization header of your requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Token Expiration
Access tokens have an expiration time (typically 1 hour). When a token expires, you'll receive a 401 Unauthorized response. You'll need to obtain a new token using the same authentication endpoint.
Security Best Practices
- Store client credentials securely
- Never expose tokens in client-side code
- Implement proper token refresh logic
- Use HTTPS for all API communications
- Store tokens securely and clear them when no longer needed
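One way to implement the refresh logic described under Token Expiration, as an added example that is not part of the API's own code or SDK. The TokenManager class, its parameters, the 60-second renewal margin and the base URL passed to it are assumptions; only the endpoint path and the request and response fields come from this guide.

```python
import json
import time
import urllib.request


class TokenManager:
    """Keeps the access token in memory and renews it shortly before expiry."""

    def __init__(self, base_url, tenant_id, client_id, client_secret,
                 post=None, clock=time.monotonic, skew=60):
        if not base_url.startswith("https://"):
            raise ValueError("base_url must use HTTPS")  # credentials travel in the body
        self._url = f"{base_url.rstrip('/')}/{tenant_id}/authentication/token"
        self._body = {"clientId": client_id, "clientSecret": client_secret}
        self._post = post or self._http_post  # injectable so the logic can be tested offline
        self._clock = clock
        self._skew = skew                     # assumed margin: renew this many seconds early
        self._token = None
        self._expires_at = 0.0

    @staticmethod
    def _http_post(url, body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def invalidate(self):
        """Clear the cached token (after a 401, or when it is no longer needed)."""
        self._token = None
        self._expires_at = 0.0

    def auth_header(self):
        """Return the Authorization header, requesting a new token if needed."""
        if self._token is None or self._clock() >= self._expires_at:
            data = self._post(self._url, self._body)
            self._token = data["token"]
            self._expires_at = self._clock() + max(data["expiresIn"] - self._skew, 0)
        return {"Authorization": f"Bearer {self._token}"}

    def call(self, send):
        """send(headers) -> (status, body). Retries exactly once on 401."""
        status, body = send(self.auth_header())
        if status == 401:  # token expired or revoked server-side
            self.invalidate()
            status, body = send(self.auth_header())
        return status, body
```

The single retry avoids a loop of token requests when the 401 is caused by bad credentials rather than an expired token. Read the client ID and secret from a secret store or environment variable when constructing the object rather than hard-coding them.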