Authentication

The initial step that needs to be configured is the authentication flow. See the sample example how this can be configured. Links to more detailed instructions can be found at the end of the article.

How this example works

OpenLoyalty uses JWT Tokens to authenticate all API calls.

Properly setting up authentication is crucial for maintaining application security and ensuring uninterrupted service. This helps avoid issues such as excessive request rates or the use of invalid or expired tokens.

Try yourself

Login with the admin username and password Endpoint: POST /api/admin/login_check
Save token and refresh_token from the responses
Refresh your previously saved token Endpoint: POST /api/token/refresh
Input the token in the header for all the subsequent requests

Endpoints used

This method allows to login for admin.

This method allows to login and get a JWT token for the admin

POSThttp://openloyalty.localhost/api/admin/login_check

Body

usernamestring

Example: "admin"

passwordstring

Example: "password"

Response

Body

tokenstring

Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6..."

refresh_tokenstring

Example: "0558f8bb29948c4e54c443f..."

Request

const response = await fetch('http://openloyalty.localhost/api/admin/login_check', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
  "refresh_token": "0558f8bb29948c4e54c443f..."
}

This method allows to refresh JWT.

POSThttp://openloyalty.localhost/api/token/refresh

Body

refresh_tokenstring

Example: "0558f8bb29948c4e54c443f..."

Response

Body

tokenstring

Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6..."

refresh_tokenstring

Example: "0558f8bb29948c4e54c443f..."

Request

const response = await fetch('http://openloyalty.localhost/api/token/refresh', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
  "refresh_token": "0558f8bb29948c4e54c443f..."
}

More resources

For a detailed overview and description of the authentication flow, please refer to these articles:

AdminsUser Guide

Last updated 2 months ago

Was this helpful?