JWT Authentication - Quickstart
JSON Web Tokens (JWT) are short-lived tokens obtained by authenticating with email and password via the Login API. JWTs are the recommended method for web applications where a user logs in interactively.
FileSpin JWT has a default expiry of 24 hours. Web applications should handle expiry by taking the user through the login process again to obtain a new JWT.
Quick Start
# Step 1: Obtain JWT via Login API
curl -X POST https://app.filespin.io/api/v1/login \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "password": "your_password"}'

# Step 2: Use JWT in subsequent requests
curl -H "Authorization: Bearer {JWT}" \
  https://app.filespin.io/api/v1/assets
Send API requests with the JWT in the HTTP header:
Authorization: Bearer {JWT}
Where {JWT} should be replaced with the token obtained via the Login API.
About JWT
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting claims between parties. You can use a FileSpin JWT to build rich web applications, such as React apps, that run inside the web browser. The entire FileSpin API is available to such applications, so you can create custom web interfaces that suit your business needs.
When to use:
- Single-page applications (React, Vue, Angular)
- Mobile applications
- Any client-side application where a user logs in
Key details:
- Default expiry: 24 hours
- Validate tokens via JWT Validation
- On expiry, redirect the user through the login flow to obtain a new token
JWTs carry the user's identity and permissions. Never expose them in URLs or in client-side storage that is accessible to other scripts.
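The handling guidance above (keep the token out of URLs and script-accessible storage, and send the user back through login on expiry) can be enforced in one client-side wrapper. This is an added example, not FileSpin code: `createSession`, `authorize`, `apiFetch` and `onExpired` are hypothetical names, the token is assumed to have already been read from the Login API response, and a 401 status is assumed to signal an expired JWT.

```javascript
// Added example, not FileSpin code. Assumptions: the token string has already
// been extracted from the Login API response, and the API answers 401 when
// the JWT has expired.
const API_ORIGIN = "https://app.filespin.io";

function createSession({ fetchImpl = globalThis.fetch, onExpired = () => {} } = {}) {
  let jwt = null; // held in a closure only: never localStorage, cookies or URLs

  // Build request options carrying the Bearer header, or throw if the request
  // would leak the token (foreign origin, plain HTTP, or token in the URL).
  function authorize(url, init = {}) {
    if (!jwt) throw new Error("not logged in");
    const target = new URL(url, API_ORIGIN);
    if (target.origin !== API_ORIGIN) {
      throw new Error("refusing to send JWT to " + target.origin);
    }
    if (target.href.includes(jwt)) {
      throw new Error("JWT must not appear in the URL");
    }
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${jwt}` };
    return { ...init, headers };
  }

  // Send an authenticated request; on the assumed expiry signal, drop the
  // token and hand control to the login flow via onExpired.
  async function apiFetch(url, init) {
    const options = authorize(url, init);
    const res = await fetchImpl(new URL(url, API_ORIGIN).href, options);
    if (res.status === 401) {
      jwt = null;
      onExpired();
    }
    return res;
  }

  return {
    setToken(token) { jwt = token; },
    isLoggedIn: () => jwt !== null,
    authorize,
    apiFetch,
  };
}
```

In a browser, `onExpired` would typically route to the login page; the token never leaves the closure except inside the `Authorization` header.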