🇺🇸 EnglishAuthenticationHow to authenticate

Authentication

Colurs uses JWT (JSON Web Tokens) to authenticate all API requests. Each token has a limited lifetime and must be renewed using the refresh token. All endpoints also require the x-api-key header for authorization.

Authentication flow

1. Login

Send credentials (username + password) to endpoint /token/ and receive a token pair: access y refresh. The platform field indicates the request origin (API by default).

2. Use the access token

Include the token in each request:

Authorization: Bearer <access_token>
x-api-key: <api_key>

3. Refresh the token

The access token expires in 15 minutes. When it expires, use the refresh token at /token/refresh/ to obtain a new one without having to log in again.

4. Logout

JWT is stateless. Logout is done by deleting both tokens on the client side. There is no blacklist endpoint.

Endpoints

Login — Get tokenRefresh — Renew tokenLogout — Close session

JWT configuration

ParameterValue
Access Token Lifetime15 minutes
Refresh Token Lifetime10 000 days
AlgorithmHS256

Before authenticating, you need an existing account. If you do not have one, go to Register.

EnvironmentsLogin (Get token)