API : Authentication
These are the requests that can be made to perform authentication. No other API functions are available without being authenticated.
| Request | Description |
|---|---|
| Login | Authenticate and get a token that allows access to the rest of the API. |
| Logout | End the current session. |
| Validate token | Check if a token is still valid. |
| Impersonate | Impersonate another user temporarily. |
| Reset | Request password reset. |
| Set password | Set password using reset link. |
| Set organization reseller | For organizations. |
How to use a token
The token can be presented in 4 ways:
| Method | Description | Example |
|---|---|---|
| HTTP header | As an HTTP header adhering to the JWT method (preferred) | Authorization: Bearer <TOKEN-STRING> |
| HTTP header | As an HTTP header using API key | X-API-Key: <TOKEN-STRING> |
| Body | As a property in the JSON body on POST requests | { "token": "<TOKEN-STRING>", "other-arg": "value" } |
| Query | As an argument on the URL | ?a=b&token=<TOKEN-STRING> |
| Cookie | In a cookie, set by the server on login (not recommended due to risk of Cross-Site-Scripting exploitation) | n/a |
A token is only valid for the number of minutes specified in expiresInMinutes. Before that period has passed, the client application must call any protected page to keep the token valid; doing so resets the timeout (e.g. if expiresInMinutes = 15, then another 15 minutes are available from the time of the request).
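Because the token can travel in a header, in the JSON body or in the URL, any client or proxy that logs requests has to scrub all of those places before writing the log line. The following is an added example, not part of this API or its documentation; the host, path and token value are constructed, and the `Cookie` header is masked whole because the cookie name is not documented here.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MASK = "[REDACTED]"

def redact_url(url):
    """Mask the `token` query argument and keep every other argument."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    clean = [(k, MASK if k == "token" else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean, safe="[]")))

def redact_headers(headers):
    """Mask Authorization (keeping the scheme), X-API-Key and Cookie."""
    out = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname == "authorization":
            scheme = value.split(None, 1)[0] if value.strip() else ""
            value = f"{scheme} {MASK}".strip()
        elif lname in ("x-api-key", "cookie"):
            value = MASK
        out[name] = value
    return out

def redact_body(body):
    """Mask a top-level `token` property in a JSON body; other bodies pass through."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return body
    if isinstance(doc, dict) and "token" in doc:
        doc["token"] = MASK
        return json.dumps(doc)
    return body

def redact_request(method, url, headers, body=None):
    """Return a copy of the request that is safe to write to a log."""
    return {"method": method, "url": redact_url(url),
            "headers": redact_headers(headers), "body": redact_body(body)}

SAMPLE = dict(  # constructed request carrying the token in every documented place
    method="POST",
    url="https://api.example.test/orders?a=b&token=tok-123",
    headers={"Authorization": "Bearer tok-123", "X-API-Key": "tok-123",
             "Accept": "application/json"},
    body='{"token": "tok-123", "other-arg": "value"}',
)

if __name__ == "__main__":
    print(redact_request(**SAMPLE))
```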
api/auth.txt · Last modified: 2025/11/10 09:44 by Per Møller