# Authentication

## Authenticate

This API endpoint allows users to authenticate and receive an ID token, access token, and refresh token.

<mark style="color:green;">**`POST`**</mark> `/v1/auth`

**Headers**

| Name         | Value              |
| ------------ | ------------------ |
| Content-Type | `application/json` |

**Body**

| Name       | Type   | Description                          | Required |
| ---------- | ------ | ------------------------------------ | -------- |
| `username` | string | The user's username or email address | Yes      |
| `password` | string | The user's password                  | Yes      |

**Response**

{% tabs %}
{% tab title="200" %}

```json
{
    "statusCode": 200,
    "statusMessage": "OK",
    "tokens": {
        "idToken": "eyJraWQiOiJLT0R...",
        "accessToken": "eyJraWQiOiJLT0R...",
        "refreshToken": "eyJraWQiOiJLT0R..."
    }
}
```

{% endtab %}

{% tab title="400" %}

```json
{
    "statusCode": 400,
    "statusMessage": "Login failed",
    "error": "Incorrect username or password."
}
```

{% endtab %}
{% endtabs %}

#### Security Considerations

* Ensure that the connection to the API is made over HTTPS to protect sensitive information such as passwords and tokens.
* Store tokens securely on the client side to prevent unauthorized access.

## Refresh Token

Use the refresh token to obtain a new access token when the current one expires.

<mark style="color:green;">**`POST`**</mark> `/v1/auth/refreshtoken`

**Headers**

| Name         | Value              |
| ------------ | ------------------ |
| Content-Type | `application/json` |

**Body**

| Name           | Type   | Description                                              |
| -------------- | ------ | -------------------------------------------------------- |
| `refreshtoken` | string | Refresh token returned by the authenticate endpoint      |

**Response**

{% tabs %}
{% tab title="200" %}

```json
{
    "statusCode": 200,
    "statusMessage": "OK",
    "tokens": {
        "idToken": "eyJraWQiOiJLT0R...",
        "accessToken": "eyJraWQiOiJLT0R...",
        "refreshToken": "eyJraWQiOiJLT0R..."
    }
}
```

{% endtab %}

{% tab title="400" %}

```json
{
    "statusCode": 400,
    "statusMessage": "Failed to refresh token",
    "error": "Invalid Refresh Token"
}
```

{% endtab %}

{% tab title="400" %}

```json
{
    "statusCode": 400,
    "statusMessage": "Missing refresh token"
}
```

{% endtab %}
{% endtabs %}
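
The following client sketch is an added example, not code from this API's maintainers. It ties both endpoints to the security considerations above: it refuses non-HTTPS base URLs, keeps tokens in memory only, and drops them when a refresh is rejected. The names `AuthClient`, `AuthError`, `https_post` and the injectable `post` transport are assumptions, as is the handling of 400 bodies delivered with an HTTP 400 status.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class AuthError(Exception):
    """Raised when the API answers with a non-200 statusCode."""


def https_post(url, payload):
    """Default transport: POST JSON, return the parsed JSON body (200 or 400)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # assumption: 400 bodies are JSON as documented


class AuthClient:
    def __init__(self, base_url, post=https_post):
        # Passwords and tokens travel in the body, so refuse plain HTTP.
        if urlsplit(base_url).scheme != "https":
            raise ValueError("base_url must use https")
        self._base = base_url.rstrip("/")
        self._post = post
        self._tokens = None  # held in memory only, never written to disk or logs

    def _call(self, path, payload):
        body = self._post(self._base + path, payload)
        if body.get("statusCode") != 200 or "tokens" not in body:
            # Surface the server's message, never the submitted credentials.
            raise AuthError(body.get("error") or body.get("statusMessage", "unknown"))
        self._tokens = body["tokens"]
        return self._tokens["accessToken"]

    def login(self, username, password):
        return self._call("/v1/auth", {"username": username, "password": password})

    def refresh(self):
        if not self._tokens:
            raise AuthError("no refresh token; call login() first")
        try:
            return self._call("/v1/auth/refreshtoken",
                              {"refreshtoken": self._tokens["refreshToken"]})
        except AuthError:
            self._tokens = None  # rejected refresh token: drop state, force re-login
            raise
```

Pass the service's real HTTPS base URL to `AuthClient`; the page does not state one, so none is hard-coded here.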
