Auth
The Kalixo API includes an Authentication (Auth) service that uses JSON Web Tokens (JWT) for authentication and authorization. Requests to protected endpoints must include an Authorization header with the Bearer scheme, followed by a valid JWT.
Upon successful authentication, the Auth service generates an access token that serves as proof of the client's identity and permissions. This access token has a shorter lifespan and typically lasts for 4 hours. It is used to authenticate subsequent requests to protected resources.
To ensure a seamless user experience and prevent frequent reauthentication, the Auth service also issues a refresh token alongside the access token. The refresh token has a longer expiration period, typically lasting for 8 hours. When the access token expires, clients can use the refresh token to obtain a new access token without requiring the user to re-enter their credentials.
By implementing JWT-based authentication, using the Bearer scheme in the Authorization header, and incorporating refresh tokens, the Kalixo API provides a secure and user-friendly authentication mechanism. This approach ensures that clients can access protected resources for a specified duration, while also allowing for automatic token renewal to maintain a smooth user experience.
Login
The Login endpoint of the Kalixo API allows users to securely authenticate and obtain access to their accounts. To initiate the login process, clients need to send a POST request to the designated Login endpoint, providing their credentials in the request body.
- email (string): Email address associated with your account.
- password (string): Your account password.
The endpoint verifies the user's credentials and, on success, generates a JSON Web Token (JWT) that serves as the access token. This token is returned in the response, allowing the client to authenticate subsequent requests to protected resources.
Request
curl -X POST -H "Content-Type: application/json" -d '{
"email": "[email protected]",
"password": "zpVY8eV!wk"
}' https://api.kalixo.io/v1/auth/login
Response
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJyZXNlbGxlcklkIjoxLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4Nzk5OTcwNH0.DK5S2ByzzM2W5pTK7pDfDiCCbyQmxmZvebPEZXo6xQc",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4ODU5MDEwNH0.vdHXKFyboPc0cPvALoFzm92A86PHOQRN-c2vBAhqfL0"
}
Refresh token
The Refresh endpoint of the Kalixo API provides a mechanism for clients to obtain a new access token using a refresh token. This endpoint is used when the access token has expired or is about to expire, allowing users to continue accessing protected resources without needing to reauthenticate.
To refresh the access token, clients need to send a POST request to the designated Refresh endpoint, including the refresh token in the Authorization header using the Bearer scheme. The refresh token serves as proof of the client's identity and authorization to request a new access token.
Request
curl -X POST \
-H "Authorization: Bearer <REFRESH_TOKEN>" \
https://api.kalixo.io/v1/auth/refresh
Response
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJyZXNlbGxlcklkIjoxLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4Nzk5OTcwNH0.DK5S2ByzzM2W5pTK7pDfDiCCbyQmxmZvebPEZXo6xQc",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2NDljOWM5NjhiNDI5YTdlOGNlZDkxM2UiLCJlbWFpbCI6Im1hcmtvLmxvamFuaWNhMTk5MUBnbWFpbC5jb20iLCJpYXQiOjE2ODc5ODUzMDQsImV4cCI6MTY4ODU5MDEwNH0.vdHXKFyboPc0cPvALoFzm92A86PHOQRN-c2vBAhqfL0"
}
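A client-side sketch of the access/refresh flow described on this page, added here as an example and not Kalixo's own code: it reads the standard `exp` and `iat` claims from each token to decide whether to use the access token, call the Refresh endpoint, or log in again. The function names, the 60-second margin and the sample tokens are assumptions constructed for illustration; the payload is decoded without signature verification, so it is used for scheduling only and never as proof of identity.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed sample token; the third part is a dummy, not a real signature."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), _b64url(b"dummy")])

def jwt_claims(token: str) -> dict:
    """Decode the payload without verifying it: good for scheduling, not for trust."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # base64url drops '=' padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        raise ValueError("token has no integer exp claim")
    return claims

def lifetime_seconds(token: str) -> int:
    """Lifetime the server actually issued (exp - iat), not a hard-coded value."""
    claims = jwt_claims(token)
    if not isinstance(claims.get("iat"), int):
        raise ValueError("token has no integer iat claim")
    return claims["exp"] - claims["iat"]

def next_action(access: str, refresh: str, now: int, margin: int = 60) -> str:
    """Pick the next call: 'use' the access token, 'refresh' it, or 'login' again."""
    if jwt_claims(access)["exp"] - now > margin:
        return "use"      # send Authorization: Bearer <access token>
    if jwt_claims(refresh)["exp"] - now > margin:
        return "refresh"  # POST /v1/auth/refresh with the refresh token as Bearer
    return "login"        # both tokens expired: POST /v1/auth/login

# Constructed sample pair using the lifetimes stated on this page (4 h and 8 h).
ISSUED = 1_700_000_000
ACCESS = make_sample_token({"iat": ISSUED, "exp": ISSUED + 4 * 3600})
REFRESH = make_sample_token({"iat": ISSUED, "exp": ISSUED + 8 * 3600})

if __name__ == "__main__":
    for t in (ISSUED + 60, ISSUED + 4 * 3600 - 30, ISSUED + 8 * 3600):
        print(t - ISSUED, next_action(ACCESS, REFRESH, t))
```

Reading `exp - iat` from the issued tokens lets a client notice when the lifetimes it receives differ from the ones it was configured to expect.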