Authentication
Learn how to authenticate with the MyWarranties API using JWT tokens.
Overview
MyWarranties uses JWT (JSON Web Tokens) for authentication. All API endpoints (except /api/login) require a valid JWT token.
Login
POST /api/login
Obtain a JWT token by providing email and password.
Request:
```http
POST /api/login HTTP/1.1
Host: api.my-warranties.nl
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "password123"
}
```
Response (200 OK):
```json
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
  "user": {
    "id": 1,
    "email": "user@example.com",
    "name": "John Doe",
    "roles": ["ROLE_USER"]
  }
}
```
Error Response (401 Unauthorized):
```json
{
  "code": 401,
  "message": "Invalid credentials."
}
```
Using the Token
Include the JWT token in the Authorization header:
```http
GET /api/products HTTP/1.1
Host: api.my-warranties.nl
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...
```
Token Expiration
JWT tokens expire after 1 hour (3600 seconds).
When a token expires, you'll receive:
```json
{
  "code": 401,
  "message": "Expired JWT Token"
}
```
Simply request a new token using /api/login.
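The login, Bearer header and expiry handling described above, as an added example that is not part of the MyWarranties documentation or code base: the token is held in memory only, and an `Expired JWT Token` 401 triggers one fresh login followed by one retry. `createClient`, `getCredentials` and `fetchImpl` are hypothetical names; `getCredentials` is assumed to return `{ email, password }` from wherever the application obtains them.

```javascript
// Added example, not MyWarranties code. createClient, getCredentials and
// fetchImpl are hypothetical names; getCredentials returns { email, password }.
function createClient({ baseUrl, getCredentials, fetchImpl = fetch }) {
  if (!baseUrl.startsWith("https://")) throw new Error("refusing non-HTTPS base URL");
  let token = null; // kept in this closure only, never written to localStorage

  async function login() {
    const res = await fetchImpl(`${baseUrl}/api/login`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(await getCredentials()),
    });
    const body = await res.json();
    if (res.status !== 200) {
      token = null;
      throw new Error(`login failed: ${body.message}`);
    }
    token = body.token;
  }

  function send(path, options) {
    const headers = { ...(options.headers || {}), Authorization: `Bearer ${token}` };
    return fetchImpl(`${baseUrl}${path}`, { ...options, headers });
  }

  // Authenticated request; logs in again once if the API reports expiry.
  async function request(path, options = {}) {
    if (token === null) await login();
    let res = await send(path, options);
    if (res.status === 401) {
      const err = await res.json();
      if (err.message !== "Expired JWT Token") throw new Error(err.message);
      await login();
      res = await send(path, options); // single retry, so no login loop
      if (res.status === 401) throw new Error("unauthorized after re-login");
    }
    return res.json();
  }

  function logout() {
    token = null; // clear the token on logout
  }

  return { request, logout };
}
```

Any 401 other than the expiry message is surfaced to the caller instead of being retried, so a rejected password never turns into repeated login attempts.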
Roles
MyWarranties has three roles:
| Role | Description | Access |
|---|---|---|
| ROLE_USER | Default user | Own products and claims |
| ROLE_SUPPLIER | Supplier/vendor | All claims, can respond |
| ROLE_ADMIN | Administrator | Full system access |
Roles are included in the JWT token and checked on each request.
Best Practices
- Store securely - Never store tokens in localStorage
- HTTPS only - Always use HTTPS in production
- Refresh tokens - Implement token refresh mechanism
- Logout - Clear tokens on logout
- Short expiration - Keep token lifetime short
