Skip to main content

Authentication

The Login​

To log in, it is essential to know our access credentials, specifically for the API in question. With these credentials, authentication requests can be sent from a web browser or using command-line tools like curl. This process ensures that only authorized users can access the system, maintaining the integrity and security of the platform.

curl -X POST https://b2market.es/api/login -H "Content-Type: application/json" -d "{\"_username\":\"username\",\"_password\":\"password\"}"

Obtain JWT Token​

After sending the request to login, the system will respond with a JWT token. This JWT token is a standardized format used for authentication and contains encoded information that validates the user's identity. This token can be subsequently used in further requests to access protected resources within the system. It is important to handle and store this token securely as it represents the user's authorization in the API.

{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE3MTgzMDcxNTQsImV4cCI6MTcxODMxNDM1NCwicm9sZXMiOnsiR0VUIjp0cnVlLCJQT1NUIjp0cnVlLCJERUxFVEUiOnRydWUsIlBVVCI6dHJ1ZX0sInVzZXJuYW1lIjoiYWRtaW4ifQ.q5DSWSrIutdyIVYqVxyIzl5oQMxr2NgSu0Ln1CqzbBJaEW3ZHPs7OArr473nPkqDozp9wYK2oTHPZq3HCfkxm57sZRuPYIVSqNPBpGJoi3NfkRrSHU7gEYEXKFqSTACksx8y5qkFWIDNozyoenEpqbbbLbZSQCO0EB1TpNnHJGPitunCuzXAiCPwC7nhqrWQ0cJHlqNCIy_io0xMERf9Ff8D-IcBNGXUl13Or-TL4NdlvDdpCMc1BL_dg6T67GEyRvXaLu3x4l7PdN8B8ePY2Png0mo3mtyAKWp4RC77TL0eFxXfgSu7J6cff3q0NHebN3E-JIilWd_9cD1dqJVA0Q"}

This JWT token has a limited lifespan. Therefore, if at any point an error 403 is received, it indicates that the token has expired or is invalid. In such cases, it will be necessary to go through the login process again to obtain a new valid token. This approach ensures system security by requiring periodic authentication and token renewal to securely access protected resources.

Verify Token​

If desired, you can verify the validity of this token anytime through the following URL. This feature allows you to ensure that the JWT token is still valid and authorized to access protected resources.

curl -X POST -s "Accept-Charset: utf-8" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE3MTgzMDcxNTQsImV4cCI6MTcxODMxNDM1NCwicm9sZXMiOnsiR0VUIjp0cnVlLCJQT1NUIjp0cnVlLCJERUxFVEUiOnRydWUsIlBVVCI6dHJ1ZX0sInVzZXJuYW1lIjoiYWRtaW4ifQ.q5DSWSrIutdyIVYqVxyIzl5oQMxr2NgSu0Ln1CqzbBJaEW3ZHPs7OArr473nPkqDozp9wYK2oTHPZq3HCfkxm57sZRuPYIVSqNPBpGJoi3NfkRrSHU7gEYEXKFqSTACksx8y5qkFWIDNozyoenEpqbbbLbZSQCO0EB1TpNnHJGPitunCuzXAiCPwC7nhqrWQ0cJHlqNCIy_io0xMERf9Ff8D-IcBNGXUl13Or-TL4NdlvDdpCMc1BL_dg6T67GEyRvXaLu3x4l7PdN8B8ePY2Png0mo3mtyAKWp4RC77TL0eFxXfgSu7J6cff3q0NHebN3E-JIilWd_9cD1dqJVA0Q" https://b2market.es/api/verify_token

Upon verification, the API will respond with a JSON object containing information about the token's validity and associated user details.

{   "valid":true,
    "payload":
    {
        "iat":1718307154,
        "exp":1718314354,
        "roles": {
              "GET":true,
              "POST":true, 
              "DELETE":true,
              "PUT":true
        }, 
        "username":"admin"
    }
}

Response Details​

  • valid: Indicates whether the token is valid (true) or not (false).
  • payload: Contains the token's payload.
    • iat: Issued At time (in UNIX timestamp format).
    • exp: Expiration time (in UNIX timestamp format).
    • roles: Lists the permissions associated with the token:
      • GET
      • POST
      • DELETE
      • PUT
    • username: The username associated with the token, representing the authenticated user.

Security Tip: Always keep your JWT token secure and do not expose it in URLs or public repositories. Treat it like a password.

Hook Errors​

ErrorResponse StatusResponse Body
This error occurs when a connection to the database cannot be established. It is an internal server issue.500{"code": 500,"error": "Database connection failed."}
This error indicates that the JWT token provided is not valid and the user needs to log in again to obtain a valid JWT token.500{"code": 500,"valid": false,"error": "Token is not valid. Please login again."}
This error occurs when the authentication provided is not valid due to an incorrect Password.401{"code": 401,"error": "Invalid password."}
This error occurs when the authentication provided is not valid due to an incorrect Username.401{"code": 401,"error": "User not found."}