Authentication

General

  • Using the endpoints requires logging in with a username and password via the /auth/login endpoint.
  • The API returns a JSON Web Token (JWT), which must be included in the Authorization header in every request.
  • The response also includes information about the available endpoints.

Login

POST /api/v1/auth/login

Request

// Header: Content-Type: application/json
{
   "username":"db",
   "password":"supersecret" 
}

Response

// Response (200 OK)
{
   "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZHMiOlsyNl0sImlhdCI6MTc1NzI1Mzc4OCwiZXhwIjoxNzU3MjU0MDg4fQ.U0l6SnFOTmx3eVh0eTgxVmQ4UU1jZ0s1TjRGMGtyd1FobDFTREt2OWpHUT0",
   "endPoints": [ "persons" ] 
}

Using the JSON Web Token

Add the JWT to all subsequent requests:

Authorization: Bearer JWT_TOKEN_VALUE

Token validity

  • The JWT is valid for up to 5 minutes.
  • A new token is obtained by logging in again.
  • The encryption key is not stored permanently, so all tokens become invalid when the server is restarted (for example, during an update).
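
The token lifetime rules above, handled on the client side (an added example, not code from this API's project): it reads exp from the token payload to log in again shortly before the 5 minutes run out, and retries once after a fresh login when a request is rejected, as happens after a server restart. The login and send callables, the 30-second margin and the use of HTTP 401 for a rejected token are assumptions.

```python
import base64
import json
import time

# Sample token copied from the login response documented above.
SAMPLE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                "eyJpZHMiOlsyNl0sImlhdCI6MTc1NzI1Mzc4OCwiZXhwIjoxNzU3MjU0MDg4fQ."
                "U0l6SnFOTmx3eVh0eTgxVmQ4UU1jZ0s1TjRGMGtyd1FobDFTREt2OWpHUT0")


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature.

    The client does not hold the server's key, so these claims are only
    used to schedule the next login, never to make a trust decision.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class TokenSession:
    """Caches the JWT, logs in again before 'exp', and once more on a 401.

    login() -> parsed JSON body of POST /api/v1/auth/login (hypothetical helper)
    send(method, path, headers) -> (status, body)        (hypothetical helper)
    """

    def __init__(self, login, send, skew=30, clock=time.time):
        self.login, self.send, self.skew, self.clock = login, send, skew, clock
        self.token, self.exp = None, 0

    def _refresh(self):
        self.token = self.login()["token"]
        self.exp = jwt_claims(self.token)["exp"]

    def _send(self, method, path):
        headers = {"Authorization": "Bearer " + self.token}
        return self.send(method, path, headers)

    def request(self, method, path):
        # Proactive re-login: the token is valid for at most 5 minutes.
        if self.token is None or self.clock() >= self.exp - self.skew:
            self._refresh()
        status, body = self._send(method, path)
        if status == 401:  # assumption: rejected token, e.g. server restarted
            self._refresh()
            status, body = self._send(method, path)  # retry exactly once
        return status, body
```

Retrying only once keeps a wrong password or a revoked account from turning into a login loop against /api/v1/auth/login.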