Authentication

The API uses JWT (JSON Web Tokens) for authentication and authorization.

Overview

Authentication Method: JWT (JSON Web Tokens)
Token Storage: HTTP headers, cookies, or local storage
Token Lifetime: Configurable
Refresh Mechanism: Token refresh endpoints

Basic Flow

1. User submits credentials
   ↓
2. API validates credentials
   ↓
3. API generates JWT token
   ↓
4. Client stores token
   ↓
5. Client includes token in requests
   ↓
6. API validates token
   ↓
7. API processes request

Protected Endpoints

Use the @authenticate decorator:

typescript

import { authenticate } from '@loopback/authentication';

export class TicketController {
  @authenticate('jwt')
  @get('/tickets')
  async findTickets(): Promise<Ticket[]> {
    return this.ticketRepository.find();
  }
}

Coming Soon

This page is under construction. More details will be added about:

JWT configuration
Login/logout endpoints
Token refresh
Permission-based access control
Role management
Best practices

For now, refer to:

Authentication ​

Overview ​

Basic Flow ​

Protected Endpoints ​

Coming Soon ​

Authentication

Overview

Basic Flow

Protected Endpoints

Coming Soon