Authentication

JWTs

JSON Web Tokens (JWTs) are a signed JSON object sent in the Authorization header in all requests towards the API. Once users log in, they receive a JWT (referred to here as auth_tokens) allowing them to access APIs that are permitted with that token.

The following example shows how an auth_token is included in the Authorization request header (the Bearer type) when creating a new user.

POST
/api/v1/user
1curl -X POST https://cdn.emnify.net/api/v1/user \
2     -H "Authorization: Bearer <token>" \
3     -H "Content-Type: application/json" \
4     -d '{
5  "username": "eabbot@flatland.org",
6  "name": "Edwin Abbott",
7  "organisation": {
8    "id": 123
9  },
10  "roles": [
11    {
12      "id": 1
13    },
14    {
15      "id": 2
16    }
17  ]
18}'

An auth_token shouldn’t be confused with an application_token. Application tokens are long-lived tokens that are sent in a POST request body to retrieve an auth_token instead of using a user and password combination.