All authorized endpoints require the Authorization: Bearer <ACCESS_TOKEN> header in every request.
Without it, the API responds with 401 - Unauthorized and blocks the call.
Example header:
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtdXJhdG96ZGVtaXJAdGFybGEuaW8iLCJ1c2VySWQiOiJjOGI1OTQwZS01M2QyLTQwZGYtYTg4Yi0xMTBjODYxNTVjZmEiLCJyb2xlcyI6WyJBUElfVVNFUiIsIkFETUlOIl0sImxvY2FsZSI6InRyX1RSIiwidGltZVpvbmUiOiJFdXJvcGUvSXN0YW5idWwiLCJpYXQiOjE3NTMyMTA2MzQsImV4cCI6MTc1MzIxNDIzNH0.hfF1bjcNDhVthtpaZ_HkysA-zJH3VN1a6Sr59aRZbk0
1. Login Operation
Login operations always use a username and password pair.
API Endpoint: /v1/auth/login
Example Request Payload:
Example Success Response:
{
"username": "[email protected]",
"type": "Bearer",
"accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtdXJhdG96ZGVtaXJAdGFybGEuaW8iLCJ1c2VySWQiOiJjOGI1OTQwZS01M2QyLTQwZGYtYTg4Yi0xMTBjODYxNTVjZmEiLCJyb2xlcyI6WyJBUElfVVNFUiIsIkFETUlOIl0sImxvY2FsZSI6InRyX1RSIiwidGltZVpvbmUiOiJFdXJvcGUvSXN0YW5idWwiLCJpYXQiOjE3NTMyMDc1OTAsImV4cCI6MTc1MzIxMTE5MH0.fTCunl7i7yQ8nAuughBpvpRfdH8VFK8uhZWeTrDOPAc",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtdXJhdG96ZGVtaXJAdGFybGEuaW8iLCJ1c2VySWQiOiJjOGI1OTQwZS01M2QyLTQwZGYtYTg4Yi0xMTBjODYxNTVjZmEiLCJsb2NhbGUiOiJ0cl9UUiIsInRpbWVab25lIjoiRXVyb3BlL0lzdGFuYnVsIiwiaWF0IjoxNzUzMjA3NTkwLCJleHAiOjE3NTMyOTM5OTB9.ozFiZzNPSUtzwvu3wuocA8q8t6MlqbyT6On2i0vSENQ"
}
Access tokens stay valid for 1 hour, while refresh tokens live for 1 full day.
Possible Error Responses:
{
"timestamp": "2025-04-14T16:58:22.22308754",
"status": 401,
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/auth/login"
}
{
"timestamp": "2025-04-21T16:35:54.095818",
"status": 401,
"error": "Unauthorized",
"message": "User is disabled",
"path": "/auth/login"
}
2. Authentication Token Refresh Operation
When the access token expires, renew it with the refresh token.
API Endpoint: /v1/auth/refresh
Example Request Payload:
{
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtdXJhdG96ZGVtaXJAdGFybGEuaW8iLCJ1c2VySWQiOiJjOGI1OTQwZS01M2QyLTQwZGYtYTg4Yi0xMTBjODYxNTVjZmEiLCJsb2NhbGUiOiJ0cl9UUiIsInRpbWVab25lIjoiRXVyb3BlL0lzdGFuYnVsIiwiaWF0IjoxNzUzMjA3NTkwLCJleHAiOjE3NTMyOTM5OTB9.ozFiZzNPSUtzwvu3wuocA8q8t6MlqbyT6On2i0vSENQ"
}
Responses mirror the payload returned by the Login Operation.
If you receive a 401 - Unauthorized response, refresh your access token and retry.
Should refresh attempts also fail with 401, perform a fresh login before proceeding.
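The 401 handling described above (refresh, retry once, fall back to a fresh login), sketched as a client-side session. This is an added example, not code from the API provider. Assumptions: the `transport` callable is a hypothetical wrapper around your HTTP library, the login payload uses `username`/`password` field names (the page does not show that payload), and success is signalled by HTTP 200.

```python
from typing import Callable, Optional, Tuple

# Assumed transport signature (hypothetical; wrap your HTTP library to match):
# transport(method, path, headers, json_body) -> (status_code, json_dict)
Transport = Callable[[str, str, dict, Optional[dict]], Tuple[int, dict]]

class AuthError(Exception):
    """Login itself was rejected (e.g. "Bad credentials", "User is disabled")."""

class ApiSession:
    def __init__(self, transport: Transport, username: str, password: str):
        self._send = transport
        self._username, self._password = username, password
        self._access = self._refresh = None

    def _store(self, body: dict) -> None:
        self._access, self._refresh = body["accessToken"], body["refreshToken"]

    def login(self) -> None:
        # "username"/"password" field names are assumed; the page omits the login payload.
        creds = {"username": self._username, "password": self._password}
        status, body = self._send("POST", "/v1/auth/login", {}, creds)
        if status != 200:  # 200 on success is assumed
            raise AuthError(body.get("message", "login failed"))
        self._store(body)

    def _renew(self) -> None:
        # Refresh first; if the refresh token is rejected too, fall back to a full login.
        if self._refresh is not None:
            payload = {"refreshToken": self._refresh}
            status, body = self._send("POST", "/v1/auth/refresh", {}, payload)
            if status == 200:
                self._store(body)
                return
        self.login()

    def request(self, method: str, path: str, json_body: Optional[dict] = None):
        if self._access is None:
            self.login()
        for attempt in range(2):  # original call plus exactly one retry, never a loop
            headers = {"Authorization": f"Bearer {self._access}"}
            status, body = self._send(method, path, headers, json_body)
            if status != 401 or attempt == 1:
                return status, body
            self._renew()
```

Capping the retry at one keeps a revoked or disabled account from producing an endless login loop; a second 401 is returned to the caller as-is.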