POST /auth - User Authentication
Authenticate a user and receive access and refresh tokens.
Endpoint URL
POST /api/auth?api_token=your_api_access_token
Request Headers
Content-Type: application/json
Request Body
{
  "username": "user@example.com",
  "password": "user_password"
}
Response
Success (200 OK):
{
  "status": "success",
  "message": "Authentication successful",
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "refresh_token": "def50200a1b2c3d4e5f6789...",
  "expires_in": 3600,
  "token_type": "Bearer"
}
Error (401 Unauthorized):
{
  "status": "error",
  "message": "Invalid credentials"
}
Example Usage
curl -X POST "https://api.creditrisk.co.za/api/auth?api_token=your_api_token" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user@example.com",
    "password": "password123"
  }'
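// JavaScript (browser) example
fetch('https://api.creditrisk.co.za/api/auth?api_token=your_api_token', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    username: 'user@example.com',
    password: 'password123'
  })
})
  .then(response => response.json().then(data => ({ ok: response.ok, data })))
  .then(({ ok, data }) => {
    // A 401 also returns JSON, so check the HTTP status before storing anything.
    if (!ok || data.status !== 'success') {
      throw new Error(data.message || 'Authentication failed');
    }
    // Log the message only; never write the tokens themselves to the console.
    console.log('Auth success:', data.message);
    // localStorage is readable by any script on the page; see Important Notes.
    localStorage.setItem('access_token', data.access_token);
    localStorage.setItem('refresh_token', data.refresh_token);
  })
  .catch(error => console.error('Auth failed:', error.message));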
Important Notes
- Always store tokens securely (use secure storage, not local storage for sensitive apps)
- Access tokens expire - use the refresh token to get new ones
- Include the API token in all requests
- Use HTTPS for all API calls
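The notes above, applied in an added example that is not part of the original documentation: it refuses non-HTTPS base URLs, validates the documented response fields, and keeps the tokens in a closure instead of localStorage. The function names are hypothetical, and sending the access token as an Authorization: Bearer header is an assumption based on the token_type field.

```javascript
// Added example; buildAuthRequest, acceptAuthResponse and login are hypothetical names.
function buildAuthRequest(baseUrl, apiToken, username, password) {
  const url = new URL('/api/auth', baseUrl);
  if (url.protocol !== 'https:') {
    throw new Error('refusing to send credentials over ' + url.protocol);
  }
  url.searchParams.set('api_token', apiToken); // URL-encodes the API token
  return {
    url: url.toString(),
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password })
    }
  };
}

// Validate the documented response shape, then hold the tokens in a closure
// so they are never written to localStorage or logged.
function acceptAuthResponse(httpStatus, body, nowMs) {
  if (httpStatus !== 200 || !body || body.status !== 'success') {
    throw new Error('Authentication failed: ' + ((body && body.message) || 'HTTP ' + httpStatus));
  }
  if (body.token_type !== 'Bearer' || typeof body.access_token !== 'string' ||
      !Number.isFinite(body.expires_in) || body.expires_in <= 0) {
    throw new Error('Unexpected auth response shape');
  }
  const accessToken = body.access_token;
  const refreshToken = body.refresh_token;
  const expiresAtMs = nowMs + body.expires_in * 1000;
  return {
    // True once the access token is within skewSeconds of expiry.
    needsRefresh: (atMs, skewSeconds = 60) => atMs >= expiresAtMs - skewSeconds * 1000,
    // Assumption: the access token is sent as "Authorization: Bearer <token>".
    authorizationHeader(atMs) {
      if (atMs >= expiresAtMs) throw new Error('access token expired');
      return 'Bearer ' + accessToken;
    },
    refreshToken: () => refreshToken
  };
}

async function login(baseUrl, apiToken, username, password) {
  const { url, init } = buildAuthRequest(baseUrl, apiToken, username, password);
  const response = await fetch(url, init);
  const body = await response.json().catch(() => null); // tolerate a non-JSON error body
  return acceptAuthResponse(response.status, body, Date.now());
}
```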