JWTs (JSON Web Tokens) are used for user authentication in web or mobile applications. They have a limited lifespan (20 minutes) and require a rotation mechanism using refresh tokens, ensuring a higher level of security for client sessions.
Usage
To authenticate an HTTP request using a JWT, include the Authorization header.
curl --request GET \
--url '/records' \
--header 'Authorization: Bearer <YOUR_JWT>'
Getting a Token
To get a JWT, you need to complete three steps:
1. Create an EmailValidationToken
2. Confirm the EmailValidationToken using the nine-digit code sent to the specified email address
3. Use the confirmed EmailValidationToken to obtain an access token and a refresh token
Token Rotation
As mentioned above, the access token must be refreshed every 20 minutes. To get a new pair of tokens, use the refresh token.
Refresh tokens are valid for one month and are single-use.
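Because refresh tokens are single-use, a client with several concurrent requests must make sure only one of them performs the rotation. The following is an added example, not code from this documentation or the API's own client: TokenManager, FakeAuthServer and the refresh_call callback are hypothetical names, the server is a constructed in-memory stand-in for the real token endpoint, and the 30-day month and 60-second early-refresh margin are assumptions.

```python
import threading
import time

ACCESS_TTL = 20 * 60            # access token lifetime stated on the page
REFRESH_TTL = 30 * 24 * 3600    # "one month", taken as 30 days (assumption)
SKEW = 60                       # refresh this many seconds early (assumption)

class TokenManager:
    """Hands out a valid access token; spends each refresh token exactly once."""
    def __init__(self, access, refresh, refresh_call, now=time.time):
        self._lock = threading.Lock()
        self._refresh_call = refresh_call   # hypothetical: refresh -> (access, refresh)
        self._now = now
        self._store(access, refresh)
    def _store(self, access, refresh):
        self._access, self._refresh = access, refresh
        self._access_exp = self._now() + ACCESS_TTL
        self._refresh_exp = self._now() + REFRESH_TTL
    def access_token(self):
        with self._lock:    # one rotation at a time: a second caller would replay a spent token
            if self._now() >= self._access_exp - SKEW:
                if self._now() >= self._refresh_exp:
                    raise RuntimeError("refresh token expired: repeat the email validation flow")
                self._store(*self._refresh_call(self._refresh))
            return self._access

class FakeAuthServer:
    """Constructed stand-in for the token endpoint; rejects reused refresh tokens."""
    def __init__(self):
        self.valid, self.issued, self.rejected = set(), 0, 0
    def issue(self):
        self.issued += 1
        self.valid.add(f"refresh-{self.issued}")
        return f"access-{self.issued}", f"refresh-{self.issued}"
    def refresh(self, token):
        if token not in self.valid:
            self.rejected += 1
            raise PermissionError("refresh token unknown or already used")
        self.valid.discard(token)
        return self.issue()

def demo(workers=8):
    clock, server = [0.0], FakeAuthServer()
    mgr = TokenManager(*server.issue(), server.refresh, now=lambda: clock[0])
    clock[0] += ACCESS_TTL              # the first access token has now expired
    threads = [threading.Thread(target=mgr.access_token) for _ in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return mgr.access_token(), server.issued, server.rejected
```

In a real client, refresh_call would send the refresh token to the API's token endpoint, and the new pair should be persisted before the old refresh token is discarded.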