github/OpenArchiver
1
1
Fork 0
mirror of https://github.com/LogicLabs-OU/OpenArchiver.git synced 2026-04-06 00:31:57 +02:00
Code Issues 161 Packages Projects Releases Wiki Activity
Files
b2ca3ef0e16a2170548ef6f791aea2b5ba9d419a
OpenArchiver/docs/api/authentication.md
Wayne b2ca3ef0e1 Project wide format
2025-08-15 14:18:23 +03:00

1.5 KiB
Raw Blame History

API Authentication

To access protected API endpoints, you need to include a JSON Web Token (JWT) in the Authorization header of your requests.

Obtaining a JWT

First, you need to authenticate with the /api/v1/auth/login endpoint by providing your email and password. If the credentials are correct, the API will return an accessToken.

Request:

POST /api/v1/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password"
}

Successful Response:

{
	"accessToken": "your.jwt.token",
	"user": {
		"id": "user-id",
		"email": "user@example.com",
		"role": "user"
	}
}

Making Authenticated Requests

Once you have the accessToken, you must include it in the Authorization header of all subsequent requests to protected endpoints, using the Bearer scheme.

Example:

GET /api/v1/dashboard/stats
Authorization: Bearer your.jwt.token

If the token is missing, expired, or invalid, the API will respond with a 401 Unauthorized status code.

Using a Super API Key

Alternatively, for server-to-server communication or scripts, you can use a super API key. This key provides unrestricted access to the API and should be kept secret.

You can set the SUPER_API_KEY in your .env file.

To authenticate using the super API key, include it in the Authorization header as a Bearer token.

Example:

GET /api/v1/dashboard/stats
Authorization: Bearer your-super-secret-api-key
Reference in New Issue View Git Blame Copy Permalink