Skip to main content

Authentication


Login API Key to JWT

Exchange your API key for a short-lived JWT used in all subsequent requests.

Endpoint

PropertyValue
URLPOST /auth/login
MethodPOST
AuthNone
Content-Typeapplication/json

Example Request

curl --location '{{baseUrl}}/auth/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"apiKey": "{{partnerApiKey}}"
}'

Partner login

Use your partner API key to obtain a partner JWT.

Request body:

{
"apiKey": "<your-partner-apiKey>"
}

Response:

{
"jwt": "<JWT_STRING>",
"expirationDate": "2026-06-26T07:56:42.199+00:00",
"refreshToken": "<REFRESH_TOKEN>",
"refreshTokenExpiration": "2026-07-25T07:56:42.201+00:00"
}
FieldDescription
jwtUse in R-Auth header for all subsequent calls
expirationDateExpiry timestamp. Re-login when reached
refreshTokenUse with /auth/refresh to obtain a new JWT without re-authenticating
refreshTokenExpirationExpiry timestamp of the refresh token (~30 days)
Token expiry

The JWT is short-lived. When it expires, you will receive a 401 response. Re-call /auth/login to obtain a new JWT.

Company login

Use a company API key, returned from Create company, to obtain a company JWT.

Endpoint

PropertyValue
URLPOST auth/login
MethodPOST
AuthNone
Content-Typeapplication/json

Example Request

curl --location '{{baseUrl}}/auth/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"apiKey": "{{companyApiKey}}"
}'

Request body:

{
"apiKey": "<company-apiKey>"
}

Response:

{
"jwt": "<JWT_STRING>",
"expirationDate": "2026-06-01T12:00:00"
}
FieldDescription
jwtUse in R-Auth header for all subsequent calls
expirationDateExpiry timestamp. Re-login when reached
Token expiry

The JWT is short-lived. When it expires, you will receive a 401 response. Re-call /auth/login to obtain a new JWT, or use /auth/refresh with your refresh token.

Refresh JWT

Exchange your refresh token for a new JWT without re-authenticating with your API key.

The refresh token is returned from /auth/login and is valid for approximately 30 days.

Endpoint

PropertyValue
URLPOST /auth/refresh
MethodPOST
AuthNone
Content-Typeapplication/json

Example Request

curl --location '{{baseUrl}}/auth/refresh' \
--header 'Content-Type: application/json' \
--data-raw '{
"refreshToken": "{{refreshToken}}"
}'

Request body:

{
"refreshToken": "<refreshToken>"
}

Response:

{
"jwt": "<JWT_STRING>",
"expirationDate": "2026-06-01T12:00:00",
"refreshToken": "<REFRESH_TOKEN>",
"refreshTokenExpiration": "2026-07-01T12:00:00"
}
FieldDescription
jwtNew JWT to use in the R-Auth header
expirationDateExpiry timestamp of the new JWT, approximately 24 hours
refreshTokenNew refresh token. Store this for the next refresh request
refreshTokenExpirationExpiry timestamp of the new refresh token, approximately 30 days
Token rotation

Each refresh call invalidates the old refresh token and issues a new one. Always store the latest refreshToken from the response.