Authentication API

This document describes the authentication endpoints for obtaining and managing access tokens.

Authenticate a user and receive an access token.

Endpoint: /_a/login

Method: POST

Request Headers:

Form Parameters:

Success Response:

Code: 200 OK

{
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "expires_at": 34344233232
}

Error Responses:

Code: 400 Bad Request

{
    "error": "Invalid username or password."
}

Code: 403 Forbidden

{
    "error": "Access not allowed for disabled user."
}

Code: 403 Forbidden

{
    "error": "Access not allowed for unverified user."
}

Example Usage:

Login Request

curl -X POST https://api.example.com/_a/login \
  -F "username=user@example.com" \
  -F "password=yourpassword"

Request access using token

curl -X GET https://api.example.com/_a/protected-resource \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

Logout

Invalidate the current access token.

Endpoint: /_a/logout

Method: POST

Headers:

Success Response:

Code: 200 OK

{
    "message": "Successfully logged out"
}

Example Usage:

Logout Request

curl -X POST https://api.example.com/_a/logout \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."