Auth

The Kalixo API includes an Authentication (Auth) service that uses JSON Web Tokens (JWT) for secure authentication and authorization. When making requests to protected endpoints, clients must include an Authorization header with the Bearer scheme, followed by a valid JWT.

Upon successful authentication, the Auth service generates an access token that serves as proof of the client's identity and permissions. The access token is short-lived and typically lasts for 4 hours. It is used to authenticate subsequent requests to protected resources.

To ensure a seamless user experience and prevent frequent reauthentication, the Auth service also issues a refresh token alongside the access token. The refresh token has a longer expiration period, typically lasting for 8 hours. When the access token expires, clients can use the refresh token to obtain a new access token without requiring the user to re-enter their credentials.

By implementing JWT-based authentication, using the Bearer scheme in the Authorization header, and incorporating refresh tokens, the Kalixo API provides a secure and user-friendly authentication mechanism. This approach ensures that clients can access protected resources for a specified duration, while also allowing for automatic token renewal to maintain a smooth user experience.


POST /v1/auth/login

Login

The Login endpoint of the Kalixo API allows users to securely authenticate and obtain access to their accounts. To initiate the login process, clients need to send a POST request to the designated Login endpoint, providing their credentials in the request body.

  • email (string): Email address associated with your account.
  • password (string): Your account password.

The endpoint verifies the user's credentials and, on success, generates a JSON Web Token (JWT) that serves as the access token. This token is then returned in the response, allowing the client to authenticate subsequent requests to protected resources.

Request

POST /v1/auth/login
curl -X POST -H "Content-Type: application/json" -d '{
  "email": "[email protected]",
  "password": "zpVY8eV!wk"
}' https://api.kalixo.io/v1/auth/login

Response

{
   "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJyZXNlbGxlcklkIjoxLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4Nzk5OTcwNH0.DK5S2ByzzM2W5pTK7pDfDiCCbyQmxmZvebPEZXo6xQc",
   "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4ODU5MDEwNH0.vdHXKFyboPc0cPvALoFzm92A86PHOQRN-c2vBAhqfL0"
}

POST /v1/auth/refresh

Refresh token

The Refresh endpoint of the Kalixo API provides a mechanism for clients to obtain a new access token using a refresh token. This endpoint is used when the access token has expired or is about to expire, allowing users to continue accessing protected resources without needing to reauthenticate.

To refresh the access token, clients need to send a POST request to the designated Refresh endpoint, including the refresh token in the Authorization header using the Bearer scheme. The refresh token serves as proof of the client's identity and authorization to request a new access token.

Request

POST /v1/auth/refresh
curl -X POST \
  -H "Authorization: Bearer <REFRESH_TOKEN>" \
  https://api.kalixo.io/v1/auth/refresh

Response

{
   "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJyZXNlbGxlcklkIjoxLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4Nzk5OTcwNH0.DK5S2ByzzM2W5pTK7pDfDiCCbyQmxmZvebPEZXo6xQc",
   "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4ODU5MDEwNH0.vdHXKFyboPc0cPvALoFzm92A86PHOQRN-c2vBAhqfL0"
}
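
The token lifecycle described on this page, as an added example that is not part of the Kalixo documentation or any Kalixo SDK: a client reads the `exp` claim of each token in a login or refresh response and decides whether to use the access token, call the Refresh endpoint, or log in again. The function names, the 60-second safety margin and the sample tokens are assumptions constructed for illustration; the payload is decoded without signature verification, so the result is only a scheduling hint and the server remains the authority on validity.

```python
import base64
import json

SKEW = 60  # seconds of safety margin before a token's exp (assumed value)

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it; use only to schedule renewal."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1]
    raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
    return json.loads(raw)

def seconds_left(token, now):
    # A token without an exp claim is treated as already expired.
    return jwt_claims(token).get("exp", 0) - now

def next_action(tokens, now, skew=SKEW):
    """Return 'use_access', 'refresh' or 'login' for a login/refresh response."""
    if seconds_left(tokens["accessToken"], now) > skew:
        return "use_access"
    if seconds_left(tokens["refreshToken"], now) > skew:
        return "refresh"
    return "login"

def auth_header(tokens, action):
    # Access token goes to protected endpoints, refresh token only to /v1/auth/refresh.
    key = {"use_access": "accessToken", "refresh": "refreshToken"}[action]
    return {"Authorization": "Bearer " + tokens[key]}

def make_sample_token(claims):
    # Constructed, unsigned sample data; not a token issued by the API.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "constructed"])

ISSUED_AT = 1_700_000_000  # constructed timestamp
SAMPLE_TOKENS = {
    "accessToken": make_sample_token({"iat": ISSUED_AT, "exp": ISSUED_AT + 4 * 3600}),
    "refreshToken": make_sample_token({"iat": ISSUED_AT, "exp": ISSUED_AT + 8 * 3600}),
}

if __name__ == "__main__":
    for hours in (1, 5, 9):
        print(hours, "h after login:", next_action(SAMPLE_TOKENS, ISSUED_AT + hours * 3600))
```

Reading `exp` from the token itself keeps the client correct even when the issued lifetime differs from the typical values quoted in the text.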