Authentication
Overview
Whatomate supports two authentication methods:
- JWT Tokens - For user sessions and frontend applications
- API Keys - For server-to-server integrations and automation
After logging in, you receive an access token and refresh token. Include the access token in the Authorization header for all protected API requests. Alternatively, use an API key in the X-API-Key header.
Register
Create a new user account.
POST /api/auth/register
Request Body
{
  "email": "user@example.com",
  "password": "securepassword123",
  "name": "John Doe"
}
Response
{
  "status": "success",
  "data": {
    "user": {
      "id": "uuid",
      "email": "user@example.com",
      "name": "John Doe",
      "created_at": "2024-01-01T00:00:00Z"
    },
    "access_token": "eyJhbGciOiJIUzI1NiIs...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIs...",
    "expires_in": 3600
  }
}
Login
Authenticate and receive tokens.
POST /api/auth/login
Request Body
{
  "email": "user@example.com",
  "password": "securepassword123"
}
Response
{
  "status": "success",
  "data": {
    "user": {
      "id": "uuid",
      "email": "user@example.com",
      "name": "John Doe"
    },
    "access_token": "eyJhbGciOiJIUzI1NiIs...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIs...",
    "expires_in": 3600
  }
}
Refresh Token
Get a new access token using your refresh token.
POST /api/auth/refresh
Request Body
{
  "refresh_token": "eyJhbGciOiJIUzI1NiIs..."
}
Response
{
  "status": "success",
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIs...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIs...",
    "expires_in": 3600
  }
}
Using Tokens
Include the access token in the Authorization header for all protected API requests:
curl -X GET "http://your-server:8080/api/contacts" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
Token Expiration
| Token Type | Default Expiration |
|---|---|
| Access Token | 1 hour |
| Refresh Token | 7 days |
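A client-side sketch of the token lifecycle documented above (login, bearer header, renewal via /api/auth/refresh), added here as an example and not part of Whatomate's own code. The names `http_send` and `TokenSession`, the 60-second renewal margin, and the assumption that a rejected access token yields HTTP 401 are hypothetical; the endpoints and JSON fields are the ones shown on this page.

```python
import json
import time
import urllib.error
import urllib.request

def http_send(base_url):
    """Real transport over urllib; base_url is deployment-specific (assumption)."""
    def send(method, path, headers, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(base_url + path, data=data, method=method,
                                     headers={"Content-Type": "application/json", **headers})
        try:
            with urllib.request.urlopen(req, timeout=10) as r:
                return r.status, json.load(r)
        except urllib.error.HTTPError as e:
            return e.code, {}
    return send

class TokenSession:
    SKEW = 60  # renew this many seconds before expires_in runs out (assumed margin)

    def __init__(self, send, clock=time.monotonic):
        self.send, self.clock = send, clock
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _store(self, status, payload):
        if not 200 <= status < 300 or payload.get("status") != "success":
            self.access = self.refresh = None  # drop stale tokens, force a new login
            raise PermissionError(f"auth failed (HTTP {status})")
        d = payload["data"]
        # The refresh response also carries a refresh_token: always keep the newest pair.
        self.access, self.refresh = d["access_token"], d["refresh_token"]
        self.expires_at = self.clock() + d["expires_in"]

    def login(self, email, password):
        self._store(*self.send("POST", "/api/auth/login", {}, {"email": email, "password": password}))

    def _renew(self):
        self._store(*self.send("POST", "/api/auth/refresh", {}, {"refresh_token": self.refresh}))

    def request(self, method, path, body=None):
        if self.refresh is None:
            raise PermissionError("not logged in")
        if self.clock() >= self.expires_at - self.SKEW:
            self._renew()  # proactive renewal shortly before expiry
        for attempt in (1, 2):
            status, payload = self.send(method, path, {"Authorization": f"Bearer {self.access}"}, body)
            if status != 401 or attempt == 2:
                return status, payload
            self._renew()  # assumed: 401 means the access token was rejected; retry once
```

Tokens are held only in memory and never logged; a failed refresh clears both so the caller has to log in again.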