JSON Web Token

Follow these steps to implement authentication with a refreshable token:
  1. A login is performed using the /api/auth/mandate/request or the /api/auth/generate_tokens endpoint. An access token and a refresh token will be returned.
  2. The two tokens need to be stored for future use.
  3. Any authenticated request will require the access token to be present in the HTTP header.
  4. When the access token is about to expire, the refresh token can be used to obtain a new access token, using the /api/auth/refresh_access_token endpoint.
  5. If the JWT is refreshable, loop back to step 3 until the refresh token is about to expire. A new refresh token can then be obtained with the previously obtained refresh token (the one that is about to expire) by using the /api/auth/update_refresh_token endpoint.
  6. If the JWT is non-refreshable, a new login needs to be performed to start over. Return to step 1.
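
The decision made at steps 3 to 6 can be written as one client-side function. This is an added example, not code from the API's documentation. It assumes both tokens are JWTs carrying a standard `exp` claim, that "about to expire" means 60 seconds or less remaining, and that the caller knows whether the token is refreshable; `next_step`, `jwt_exp`, `make_token` and `SKEW` are hypothetical names.

```python
import base64
import json
import time

# Endpoint paths are the ones named in the steps above.
LOGIN = "/api/auth/generate_tokens"  # or /api/auth/mandate/request
REFRESH_ACCESS = "/api/auth/refresh_access_token"
UPDATE_REFRESH = "/api/auth/update_refresh_token"
SKEW = 60  # assumption: "about to expire" means 60 s or less remaining


def jwt_exp(token):
    """Read the exp claim for scheduling only; this does not verify the token."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])
    except (AttributeError, IndexError, KeyError, TypeError, ValueError):
        return 0  # an unreadable token is treated as already expired


def next_step(access, refresh, refreshable, now=None):
    """Return the endpoint to call next, or None to keep using the access token."""
    now = time.time() if now is None else now
    refresh_left = jwt_exp(refresh) - now
    if refresh_left <= 0:
        return LOGIN  # step 1: nothing left to refresh with
    if refresh_left <= SKEW:
        return UPDATE_REFRESH if refreshable else LOGIN  # step 5 or step 6
    if jwt_exp(access) - now <= SKEW:
        return REFRESH_ACCESS  # step 4
    return None  # step 3: access token is still good


def make_token(exp):
    """Constructed, unsigned sample token carrying only an exp claim."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc({'exp': exp})}.constructed"


if __name__ == "__main__":
    now = 1_000
    print(next_step(make_token(now + 30), make_token(now + 4_000), True, now))
```

Reading `exp` locally only schedules the next call; the server remains the authority on whether a token is valid, so a rejected request should still fall back to a new login.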