API Authentication
Authenticate with API credentials and obtain access tokens
API Authentication
Authenticate using your API credentials and obtain JWT tokens for B2B API access.
Endpoint
POST /auth/loginAuthentication: None required (public endpoint)
Request Body
{
"username": "your_api_username",
"password": "your_api_password"
}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Your API username from the dashboard |
| password | string | Yes | Your API password (keep secure!) |
Response
Success (200 OK)
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"access_expires_at": "2024-01-15T10:30:00Z",
"refresh_expires_at": "2024-01-22T09:00:00Z",
"client_id": 123456
}Response Fields
| Field | Type | Description |
|---|---|---|
| access_token | string | JWT token for API authentication |
| refresh_token | string | Token to refresh access token |
| access_expires_at | datetime | Access token expiration timestamp (UTC) |
| refresh_expires_at | datetime | Refresh token expiration timestamp (UTC) |
| client_id | number | Your unique client identifier |
Error Responses
400 Bad Request
{
"error": "validation_error",
"message": "Username and password are required"
}401 Unauthorized
{
"error": "unauthorized",
"message": "Invalid credentials"
}429 Too Many Requests
{
"error": "Too Many Requests",
"message": "Too many login attempts. Please try again later."
}Examples
curl -X POST {{host}}/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "your_api_username",
"password": "your_api_password"
}'<?php
$data = [
'username' => 'your_api_username',
'password' => 'your_api_password'
];
$ch = curl_init('{{host}}/auth/login');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response, true);
$accessToken = $data['access_token'];
curl_close($ch);
?>Next Steps
- Store the
access_tokensecurely - Use the token in the Authorization header for API calls
- Set up automatic token refresh before expiration
- Implement logout to clear tokens