Authentication & JWT Tokens
Audience: Developer
Page Type: Reference
JWT Token Structure
Header.Payload.Signature
Payload contains:
├─ sub: user_id
├─ tenant_id: organization_id
├─ role: user_role
├─ email: user_email
├─ iat: issued_at
└─ exp: expiration (24 hours)
Getting a Token
Login Endpoint
POST /auth/login
Request:
{
"email": "user@company.com",
"password": "password123"
}
Response:
{
"token": "eyJhbGc...",
"refreshToken": "eyJhbGc...",
"expiresIn": 86400
}
Using Token in Requests
GET /strategic-cycles
Headers:
Authorization: Bearer eyJhbGc...
X-Tenant-ID: tenant-123
Content-Type: application/json
Token Refresh
POST /auth/refresh-token
Request:
{
"refreshToken": "eyJhbGc..."
}
Response:
{
"token": "new_jwt_token",
"expiresIn": 86400
}
Errors
401 Unauthorized
- Token invalid or expired
- Solution: Refresh or re-login
403 Forbidden
- Token valid but no permission
- Solution: Check role/permissions
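Server-side validation of a request shaped as in "Using Token in Requests", as an added example that is not the API's own code: it checks the signature, pins the algorithm, enforces exp, and then requires the token's tenant_id claim to match the X-Tenant-ID header, mapping each failure to the 401/403 distinction in the Errors section. HS256 signing, the shared secret and the sample claims are assumptions; the page does not state how tokens are signed.

```python
import base64, hmac, hashlib, json, time

# Assumption: tokens are HS256-signed with a shared secret (the page does not state the algorithm)
SECRET = b"constructed-demo-secret"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(claims: dict, secret: bytes = SECRET, ttl: int = 86400) -> str:
    """Build Header.Payload.Signature; iat/exp are added with the 24 h lifetime the page states."""
    now = int(time.time())
    payload = {**claims, "iat": now, "exp": now + ttl}
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_request(authorization: str, x_tenant_id: str, secret: bytes = SECRET, now=None):
    """Return (status, payload): 200 if accepted, else 401/403 as in the Errors section."""
    if not authorization.startswith("Bearer "):
        return 401, None
    try:
        header_b64, body_b64, sig_b64 = authorization[len("Bearer "):].split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return 401, None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return 401, None
    # Pin the algorithm server-side: the header's alg is client-supplied input,
    # so "none" or any algorithm other than the one we issue is rejected outright.
    if header.get("alg") != "HS256":
        return 401, None
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return 401, None
    now = int(time.time()) if now is None else now
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        return 401, None  # expired: the client should call /auth/refresh-token or log in again
    # Token is valid; the tenant named in the token must match the X-Tenant-ID header,
    # otherwise a valid token for one organization could be replayed against another.
    if payload.get("tenant_id") != x_tenant_id:
        return 403, None
    return 200, payload
```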