Authentication
In the NovaStack project, we use token-based authentication to secure API requests.
Obtaining a Token
To obtain an authentication token, send a POST request to the /api/auth/login endpoint with your username and password.
Request Example
POST /api/auth/login HTTP/1.1
Host: example.com
Content-Type: application/json

{
  "username": "user@example.com",
  "password": "your_password",
  "deviceId": "unique-device-id"
}
Response Example
{
  "code": 0,
  "message": "Login successful",
  "user": {
    "id": 1,
    "username": "user",
    "email": "user@example.com"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.xxxxx",
  "refreshToken": "refresh-token-value",
  "expiresIn": 604800
}
Using the Token
In subsequent API requests, tokens are automatically included via cookies set by the system.
Cookie Settings
After a successful login, the system automatically sets the following cookies:
auth-token: Access token (30 minutes validity)
refresh-token: Refresh token (7 days validity)
isAuth: Authentication status indicator
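
A check a client or reviewer can run against the Set-Cookie headers returned by the login endpoint, as an added example that is not part of the NovaStack code base. The page does not state the cookie attributes, so the HttpOnly, Secure and SameSite expectations are assumptions of this check, and the header values are constructed samples; the cookie names and lifetimes are the ones listed above.

```python
from http.cookies import SimpleCookie

# Documented validity of the token cookies, in seconds (30 minutes, 7 days).
EXPECTED_MAX_AGE = {"auth-token": 30 * 60, "refresh-token": 7 * 24 * 3600}

# Constructed sample Set-Cookie values (not captured from a real deployment).
GOOD = [
    "auth-token=constructed-access; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=1800",
    "refresh-token=constructed-refresh; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=604800",
    "isAuth=true; Path=/; Secure; SameSite=Strict; Max-Age=604800",
]
WEAK = [
    "auth-token=constructed-access; Path=/; Max-Age=604800",
    "refresh-token=constructed-refresh; Path=/; HttpOnly; Secure; SameSite=None; Max-Age=604800",
]


def audit_set_cookie(headers):
    """Return sorted (cookie, finding) pairs for a list of Set-Cookie values."""
    findings, seen = [], set()
    for raw in headers:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            seen.add(name)
            if name not in EXPECTED_MAX_AGE:
                continue  # isAuth is a status flag, not a credential
            if not morsel["httponly"]:
                findings.append((name, "missing HttpOnly"))  # readable by page scripts
            if not morsel["secure"]:
                findings.append((name, "missing Secure"))  # may travel over plain HTTP
            if morsel["samesite"].lower() not in ("lax", "strict"):
                findings.append((name, "SameSite not Lax/Strict"))  # sent cross-site
            max_age = morsel["max-age"]
            if not max_age.isdigit():
                findings.append((name, "lifetime not bounded by Max-Age"))
            elif int(max_age) > EXPECTED_MAX_AGE[name]:
                findings.append((name, "Max-Age exceeds documented validity"))
    for name in set(EXPECTED_MAX_AGE) - seen:
        findings.append((name, "cookie not set"))
    return sorted(findings)


if __name__ == "__main__":
    for cookie, finding in audit_set_cookie(WEAK):
        print(f"{cookie}: {finding}")
```
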
Manual Token Usage
If you need to manually set request headers:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.xxxxx
Token Refresh
When an access token expires, the system automatically uses the refresh token to obtain a new access token. The refresh request is sent to the /api/auth/refresh endpoint.
Request Example
POST /api/auth/refresh HTTP/1.1
Host: example.com
Response Example
{
  "code": 0,
  "message": "Refresh successful"
}
Logout
To log out a user session, send a POST request to the /api/auth/logout endpoint. The system will clear all authentication-related cookies.
Request Example
POST /api/auth/logout HTTP/1.1
Host: example.com
Content-Type: application/json

{
  "deviceId": "unique-device-id"
}
By following these steps, you can securely manage user authentication states and protect your API resources.