Authentification

Our application uses JSON Web Tokens (JWT) for authentication and authorization.

The JWT must be included in the HTTP request headers using the Authorization header with the Bearer schema. Example:

You can obtain a JWT token by sending a POST request with your signature to the following endpoint:

POST /api/auth/login

! Your account will be registered after you create Eth smart contract via Factory contract.

This endpoint have 3 body parameters:

1) signer: who create ves-contract

2) timestampInMs: timestamp in milliseconds, also it is message which signer must sign

3) signature: signature which contains timestampInMs value which sign by signer

! timestampInMs must be more/less than current time maximum on 5 minutes

Example request:

Example response:

Response contains 3 fields in data object:

1) accessToken: JWT token

2) refreshToken: string which using to refresh access token when it expired

3) accessExpiryAt: time when access token will expire, access token life is 15 minutes

4) refreshExpiryAt: time when refresh token will expire, refresh token life is 24 hours

When your access token expired, you can refresh it via endpoint

POST /api/auth/refresh

This endpoint have 3 body parameters:

1) expiredAccessToken: JWT token which you want refresh

2) refreshToken: refresh token which you get with access token

! You need provide refresh token which you get with access token, or refreshing will cancel

Example request:

Example response: