Authentication Flows

Console uses JWT (JSON Web Tokens) for stateless authentication with an access/refresh token pattern.

Token Types

| Token Type | Lifespan | Purpose |
|---|---|---|
| Access Token | 10 minutes | Make API requests |
| Refresh Token | 7 days | Renew access tokens |

Login Flow

1. POST /v1/auth/login
   → Returns: access_token + refresh_token

2. Use access_token for API requests
   Authorization: Bearer <access_token>

3. When access_token expires (10 min):
   POST /v1/auth/refresh
   → Returns: new access_token + new refresh_token

4. Repeat steps 2-3 as needed

Token Structure

Access tokens contain user context:

{
  "sub": "user_id",
  "user_id": "...",
  "company_id": "...",
  "team_id": "...",
  "email": "[email protected]",
  "is_owner": false,
  "token_type": "access",
  "exp": 1709821600
}
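
A server-side check built on the token_type and exp claims shown above, as an added example that is not Console's own code. It assumes HS256 signing with a shared secret (the page does not state the algorithm); the key, the clock value and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # assumption: shared HS256 secret, demo only
NOW = 1709821000                # constructed clock, 600 s before the sample exp

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict, key: bytes = KEY) -> str:
    # Mints a constructed token for the demo (stand-in for the real issuer).
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(f'{head}.{body}', key))}"

def verify_access_token(token: str, key: bytes = KEY, now=None) -> dict:
    """Return the claims of a valid access token, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        signature = b64d(sig)
    except ValueError:          # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from None
    # Pin the algorithm server-side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, mac(f"{head}.{body}", key)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    # A refresh token is correctly signed too, so check the type claim.
    if claims.get("token_type") != "access":
        raise ValueError("not an access token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired")
    return claims

def check(token: str, now=NOW) -> str:
    try:
        verify_access_token(token, now=now)
        return "ok"
    except ValueError as err:
        return str(err)

ACCESS = issue({"sub": "user_id", "is_owner": False, "token_type": "access", "exp": 1709821600})
REFRESH = issue({"sub": "user_id", "token_type": "refresh", "exp": NOW + 7 * 86400})
```

check(REFRESH) reports "not an access token" even though the signature is valid and the token has days left, which is why API endpoints should test token_type and not only the signature and expiry.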

Implementation Guide

See Authentication Integration Guide for code examples.

For Product Users

Managing authentication settings in the UI? See Authentication Concepts.