Kimlik Doğrulama & Tokenlar

JWT authentication, token generation, refresh, session management.

Audience: Developer Page Type: Reference

JWT Token Structure

Header.Payload.Signature

Payload contains:
├─ sub: user_id
├─ tenant_id: organization_id
├─ role: user_role
├─ email: user_email
├─ iat: issued_at
└─ exp: expiration (24 hours)

Getting a Token

POST /auth/login

Request:
{
  "email": "[email protected]",
  "password": "password123"
}

Response:
{
  "token": "eyJhbGc...",
  "refreshToken": "eyJhbGc...",
  "expiresIn": 86400
}

Using Token in Requests

GET /strategy/cycles

Headers:
Authorization: Bearer eyJhbGc...
X-Tenant-ID: tenant-123
Content-Type: application/json

Token Refresh

POST /auth/refresh-token

Request:
{
  "refreshToken": "eyJhbGc..."
}

Response:
{
  "token": "new_jwt_token",
  "expiresIn": 86400
}

Errors

401 Unauthorized
  - Token invalid or expired
  - Solution: Refresh or re-login

403 Forbidden
  - Token valid but no permission
  - Solution: Check role/permissions

Security Best Practices

✅ Always use HTTPS ✅ Store token securely ✅ Refresh before expiry ✅ Logout: discard token

PreviousAPI Genel Bakış NextTenant İzolasyonu & Veri Güvenliği

Last updated 45 minutes ago

Good evening

hashtagJWT Token Structure

hashtagGetting a Token

hashtagLogin Endpoint

hashtagUsing Token in Requests

hashtagToken Refresh

hashtagErrors

hashtagSecurity Best Practices