Every request to the SmartLogix API must carry a valid JSON Web Token (JWT). The auth service issues tokens when you register and log in. The API gateway validates the token before forwarding requests downstream — no token, no access. Tokens are signed with HMAC-SHA and expire after 24 hours.

Authentication flow

1. Register an account

Create your SmartLogix account by sending your email and password to the registration endpoint. Each email address must be unique across the platform.
curl -X POST http://localhost:8080/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "yourpassword"
  }'
A successful registration returns a plain-text confirmation. You can now log in with the same credentials.
2. Log in to get a token

Send your credentials to the login endpoint. The response body is the raw JWT string — store it securely.
curl -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "yourpassword"
  }'
Example response:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIi...
The token payload includes your email address and role. The API gateway reads these claims and injects an X-User-Email header on all downstream service requests.
3. Use the token on every request

Include the token in the Authorization header using the Bearer scheme on every protected API call.
curl http://localhost:8080/api/pedidos \
  -H "Authorization: Bearer <your-token>"
Replace <your-token> with the JWT string returned by the login endpoint.

Token lifetime

Tokens are valid for 24 hours from the moment of issue. After that, the gateway will reject the token and return a 401 Unauthorized response. When you receive a 401, your session has expired. Log in again to obtain a new token and resume your requests.
Treat your token like a password. Do not embed it in client-side code, commit it to version control, or write it to logs. Store it in a secure location such as an environment variable or a secrets manager. If your token is compromised, log in again to issue a new one. Note that the old token still expires only on its own schedule.
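
The gateway checks described on this page (HMAC signature, 24-hour expiry, the X-User-Email header taken from the token's claims), written out as an added Python example; it is not SmartLogix's own code. It assumes HS256 and the email in the sub claim, as in the example token above, a role claim named role, and a constructed secret and issue time.

```python
import base64, hashlib, hmac, json

TTL = 24 * 3600                      # 24-hour lifetime stated on the page
SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(email, role, issued_at, secret=SECRET, alg="HS256"):
    # Stand-in for the auth service; "role" as a claim name is an assumption.
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    claims = {"sub": email, "role": role, "iat": issued_at, "exp": issued_at + TTL}
    body = header + "." + b64url_encode(json.dumps(claims).encode())
    return body + "." + b64url_encode(mac(body, secret))

def validate(token, now, secret=SECRET):
    """Return (HTTP status, headers injected on the downstream request)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm: the token must not choose how it is verified.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return 401, {}
        expected = mac(header_b64 + "." + payload_b64, secret)
        # Constant-time comparison of the recomputed and presented MACs.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return 401, {}
        # Claims are read only after the signature has been verified.
        claims = json.loads(b64url_decode(payload_b64))
        if now >= claims["exp"]:
            return 401, {}
        return 200, {"X-User-Email": claims["sub"]}
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, {}  # malformed token: reject instead of raising

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time (Unix seconds)
    token = issue("user@example.com", "USER", t0)
    print(validate(token, t0 + 3600))  # inside the 24-hour window
    print(validate(token, t0 + TTL))   # at expiry
```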

Endpoint reference

| Method | Path | Auth required | Description |
|--------|------|---------------|-------------|
| POST | /api/auth/register | No | Create a new account |
| POST | /api/auth/login | No | Log in and receive a JWT |

All other endpoints in the SmartLogix API require a valid Authorization: Bearer <token> header.