JWT Bearer Authentication

API Methods

JWT Token is issued by API after successful login is performed. All subsequent requests have Authorization header with value in format Bearer {tokenId}. Successful response contains model in response body.

Authentication

POST http://{server-address}/api/auth

User authorization based on provided credentials. User authenticates to specific device, specified by DeviceName property in request body. As result, JWT token is issued.

Request Body

Name

Type

Description

UserName*

string

Unique user name.

Password

string

User password

DeviceName*

string

The unique name of the device the user is logging into

{
    "tokenId": "eyJhbG....GLvNNavSk0A",
    "refreshToken": "pC73A....63GkAAEpwtWA=",
    "user": {
        "id": "635f7ae3072edfeae7c26a1e",
        "isVirtual": false,
        "name": "Majiteľ",
        "userName": "999",
        "featureName": null,
        "rights": [
            "admin"
        ],
        "device": {
            "name": "P01",
            "envName": "CashRegister",
            "description": "P01",
            "preferences": {},
            "settings": {
                "MaxQuantity": "200",
                "OpenedPrices": "false",
                "NoticeOnNegativeSale": "false",
                "VisibleQuantities": "false",
                "DefaultFiscalName": "eKasa",
                "DefaultOrderEndpointName": "",
                "DefaultStockName": "S01"
            }
        }
    }
}

{
    "title": "Nesprávne meno alebo heslo.",
    "status": 401,
    "instance": "/api/auth",
    "errorCode": "Unauthorized",
    "traceId": "0HMM3ODQRAVOG:00000002"
}

Get current user profile

GET http://{server-address}/api/auth

Headers

Name

Type

Description

Authorization*

String

JWT token in format Bearer {tokenId}.

{
    "id": "635f7ae3072edfeae7c26a1e",
    "isVirtual": false,
    "name": "Majiteľ",
    "userName": "999",
    "featureName": null,
    "rights": [
        "admin"
    ],
    "device": {
        "name": "P01",
        "envName": "CashRegister",
        "description": "P01",
        "preferences": {},
        "settings": {
            "MaxQuantity": "200",
            "OpenedPrices": "false",
            "NoticeOnNegativeSale": "false",
            "VisibleQuantities": "false",
            "DefaultFiscalName": "eKasa",
            "DefaultOrderEndpointName": "",
            "DefaultStockName": "S01"
        }
    }
}

Refresh session

POST http://{server-address}/api/auth/refresh

Extends session lifespan.

Request Body

Name

Type

Description

tokenId*

String

Token ID obtained during authorization.

refreshToken*

String

Refresh token obtained during authorization.

{
    "tokenId": "eyJhbG....GLvNNavSk0A",
    "refreshToken": "pC73A....63GkAAEpwtWA="
}

To sign out and terminate user session, send DELETE request.

Terminate session

DELETE http://{server-address}/api/auth

Logs out user.

Headers

Name

Type

Description

Authorization*

string

JWT token in format Bearer {tokenId}.

{
    // Response
}

PreviousAuthentication schemes NextHMAC Authentication

Last updated 1 year ago

Was this helpful?