HomeLog InSign Up

Authentication

The JFW API uses Auth Keys to authenticate Protocol requests. You can obtain an Auth Key by either using the JFW libraries or calling the following API endpoint:

Authenticates the user with the given email and password.

post

After a successful authentication, the following headers must be included to register or update the user’s device:

  • X-Device-Code: A unique identifier for the device.
  • X-Device-Token: The Firebase device token used for push notifications.
  • X-Device-Name: The name/model of the device.
  • X-App-Version-Number: The version of the application.
  • X-Os-Device: The operating system of the device (iOS, Android).
Header parameters
Brand-URLstringRequired

The brand URL of the request. This is used to identify the brand.

Example: YOUR_BRAND_URL
Body

This is the model class for UserAuthentication.

usernamestring · min: 1Required

This represents the username of the user.

Example: john.doe
emailAddressstring | nullableRead-onlyOptional

The email address of the user to authenticate.

passwordstring · min: 1Required

This represents the password of the user.

Example: password
Responses
200

The request was successful.

application/json
post
POST /api/v1/users/auth HTTP/1.1
Host: protocol.jframework.io
Brand-URL: text
Content-Type: application/json
Accept: */*
Content-Length: 71

{
  "username": "john.doe",
  "emailAddress": "john.doe",
  "password": "password"
}
{
  "success": true,
  "statusCode": 200,
  "message": "The request was successful.",
  "data": {
    "id": "asdasdcwAqrNxIT0xQdkMvR",
    "username": "user",
    "emailAddress": "[email protected]",
    "phoneNumber": "+123456789",
    "authKey": "8mgBXMwMchIWWlLmvEL9RasdasdcwAqrNxIT0xQdkMvRndmSjh4YmtOcjdZb2taUT09N1J5bVdzRDlUUWhhRFFwdlRhemk4ZDFuaFdHajYzVXlYLy9valkwYXpuQT0=",
    "refreshAuthKey": "Li48YUZxXkS52eNwx5D2yA4axptAvd1IWGxCZndDODFQTTZ5VnNoOVFLb1RGdz09cmlLTXQ4c1Y0RENDSHQ1QWtMU2I4a0tOem05QmtNd0pTUlpGenpsc0hBOD0=",
    "expiresIn": "2025-10-19T04:20:20.6287248Z"
  },
  "errors": []
}

After having the Auth Key, you have to put that Auth Key and Brand URL to your HTTP request header to use other API endpoints.

Brand-URL: your-domain.com
Auth-Key: your-key-is-here

Instead of an API key, we use a combination of Brand-URL and Auth-Key to gain access to API endpoints. To access those API endpoints that need certain permissions, we must include Auth-Key, brandUrl, or both in the request body. These values may not match the ones in the request headers.

If you need to use the device access, add the key header Device-Code before using the device access feature.

PreviousOverviewNextRate Limiting

Last updated

Was this helpful?