Authentication
To access the API, you must authenticate using Bearer tokens based on the JSON Web Token (JWT) standard. This ensures that only authorized users can interact with protected resources.
How It Works
Authentication for Authorium resources happens in two steps:
- Send your email and password to the Login User endpoint. If the credentials are valid, the server returns a JWT token.
- Include the token in the Authorization header of every request to access protected endpoints.
Authorization: Bearer <your-token>
If the token is missing or invalid, the server returns an authentication error.
Two-Factor Authentication (2FA)
For added security, the Authorium API supports optional two-factor authentication (2FA). If 2FA is enabled for a user:
- Use the Generate OTP endpoint to request a one-time password (OTP).
- Then sign in using the Login User endpoint, and include the OTP along with your email and password.
- The server verifies the OTP before issuing the token.
If the OTP is incorrect or missing, authentication fails.
Token Behavior
Tokens are valid for a limited time. After expiration, you must sign in again to get a new token. The API doesn’t support token refresh.
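Because there is no refresh endpoint, a client has to track expiry itself and perform a full sign-in when the token lapses. The following is an added example, not Authorium code: it assumes the token carries the standard JWT exp claim, and BearerSession, jwt_expiry, make_sample_token and the login callable are hypothetical names standing in for your own call to the Login User endpoint.

```python
import base64
import json
import time


def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds), or None if the token has none.

    The signature is NOT verified: this is a client-side scheduling hint only.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    exp = claims.get("exp")
    return int(exp) if isinstance(exp, (int, float)) else None


class BearerSession:
    """Caches a token and signs in again once it is (nearly) expired."""

    def __init__(self, login, skew=30, clock=time.time):
        self._login = login    # hypothetical callable: returns a JWT string
        self._skew = skew      # seconds of safety margin before `exp`
        self._clock = clock
        self._token = None
        self._exp = None

    def auth_header(self):
        stale = self._token is None or (
            self._exp is not None and self._clock() >= self._exp - self._skew
        )
        if stale:
            self._token = self._login()  # no refresh endpoint: full sign-in
            self._exp = jwt_expiry(self._token)
        return {"Authorization": f"Bearer {self._token}"}

    def invalidate(self):
        """Call after the server returns an authentication error."""
        self._token = None
        self._exp = None


def make_sample_token(exp):
    """Constructed token for the demo only; the signature part is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'sub': 'demo', 'exp': exp})}.sig"
```

If 2FA is enabled, the login callable is also where a fresh OTP has to be obtained, since every re-authentication goes through the Login User endpoint again.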