Authentication
API Authorization Documentation
The API Authorization includes endpoints for generating and refreshing JWT tokens. These endpoints are essential for secure and authenticated access to other API functionalities.
1. Generate JWT Token
Endpoint:
POST /api/v1/Authorization/GenerateJwtToken
Description:
Generates a JWT token for a specified application. The token includes an accessToken
and a refreshToken
, which can be used for authentication and token refresh operations.
Request Headers:
Content-Type: application/json; x-api-version=1.0
Accept: application/json
Request Body:
{
"applicationId": "urn:uuid:91c698db-5cbe-0f55-915e-bd64d5178337",
"jwtPrivateKey": "85896144dda1ff0b68fce638a221a7e824720e3622be630ff7c51ae94978c3b482d66886aecbb56469bbf990719c1e11b5a811ed6663a4915f4e34df486866d2"
}
Field
Type
Description
applicationId
string
The unique identifier (UUID) of the application.
jwtPrivateKey
string
The private key used to sign the JWT.
Response:
Status 200 OK
{
"$id": "1",
"applicationId": "d5eabbb8-c0f6-4640-94fd-3566edad499f",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiration": "2024-12-20T11:57:50.974699Z",
"refreshToken": "OjKkePJHJOtX6wPl8S88U6da4XiZrjqfBXBtmOpQXiE=",
"refreshTokenExpiration": "2024-12-27T11:57:50.974699Z"
}
Field
Type
Description
applicationId
string
The unique identifier (UUID) of the application.
accessToken
string
The JWT access token for authentication.
accessTokenExpiration
datetime
Expiration date and time for the accessToken
.
refreshToken
string
Token used to obtain a new accessToken
without logging in again.
refreshTokenExpiration
datetime
Expiration date and time for the refreshToken
.
Error Responses:
Status 400 Bad Request
Invalid input data or missing required fields.
Status 500 Internal Server Error
Server-side error during token generation.
2. Refresh JWT Token
Endpoint:
POST /api/v1/Authorization/RefreshJwtToken
Description:
Refreshes an expired JWT access token using a valid refreshToken
.
Request Headers:
Content-Type: application/json; x-api-version=1.0
Accept: application/json
Request Body:
{
"applicationId": "d7f1bd96-8a69-6cf1-2f8f-bf4485909cc9",
"jwtPrivateKey": "adipisicing labore occaecat quis",
"refreshToken": "cupidatat"
}
Field
Type
Description
applicationId
string
The unique identifier (UUID) of the application.
jwtPrivateKey
string
The private key used to sign the JWT.
refreshToken
string
The token used to refresh the expired access token.
Response:
Status 200 OK
{
"$id": "1",
"applicationId": "d5eabbb8-c0f6-4640-94fd-3566edad499f",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiration": "2024-12-20T11:28:25.452242Z",
"refreshToken": "KusyuOxD5xg7rmWEdJ+iPN8NRkatb1bRsCuQYqpzXq0=",
"refreshTokenExpiration": "2024-12-27T11:28:25.452242Z"
}
Field
Type
Description
applicationId
string
The unique identifier (UUID) of the application.
accessToken
string
The refreshed JWT access token for authentication.
accessTokenExpiration
datetime
Expiration date and time for the refreshed accessToken
.
refreshToken
string
Token used to obtain another new accessToken
if necessary.
refreshTokenExpiration
datetime
Expiration date and time for the new refreshToken
.
Error Responses:
Status 400 Bad Request
Invalid input data or missing required fields.
{ "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1", "title": "One or more validation errors occurred.", "status": 400, "traceId": "00-131a39782d3aa54ef0cfae62c715a4e2-61df78abdb62e43d-00", "errors": { "model": [ "The model field is required." ], "$.applicationId": [ "The JSON value could not be converted to System.Guid. Path: $.applicationId | LineNumber: 1 | BytePositionInLine: 56." ] } }
Status 401 Unauthorized
Invalid or expired refresh token.
{ "errors": { "business:": [ "Token is missing, invalid or ApplicationId is not found in the token." ] }, "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1", "title": "One or more errors occurred.", "status": 401, "detail": null, "instance": null, "extensions": { "traceId": "00-fc878634896257c5991ac5399ab6c46c-416e4be3606fdbaa-00" } }
Status 500 Internal Server Error
Server-side error during token refresh.
{ "errors": { "business:": [ "InvokeAsync: Authorization service configuration error." ] }, "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1", "title": "An unexpected error occurred.", "status": 500, "detail": null, "instance": null, "extensions": { "traceId": "00-914cddf34585cf2527567899edf9f640-4fa7d7aed5c16373-00" } }
Last updated