Authentication¶

This guide covers the authentication mechanisms used in the NSGG Backend API.

JWT Authentication¶

The API uses JSON Web Tokens (JWT) for authentication. Each authenticated request must include a valid JWT token in the Authorization header.

POST /api/v1/auth/login/

Request Body:

{
    "email": "user@example.com",
    "password": "your_password"
}

Response:

{
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}

Include the access token in the Authorization header:

GET /api/v1/users/me/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...

When the access token expires, use the refresh token to obtain a new one:

POST /api/v1/auth/refresh/

Request Body:

{
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}

Response:

{
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}

Create a new user account:

POST /api/v1/auth/register/

Request Body:

{
    "email": "user@example.com",
    "password": "secure_password",
    "first_name": "John",
    "last_name": "Doe"
}

POST /api/v1/auth/password/reset/

Request Body:

{
    "email": "user@example.com"
}

POST /api/v1/auth/password/reset/confirm/

Request Body:

{
    "token": "reset_token_from_email",
    "password": "new_password"
}

{
    "detail": "No active account found with the given credentials",
    "code": "invalid_credentials"
}

{
    "detail": "Token is invalid or expired",
    "code": "token_not_valid"
}

{
    "detail": "Request was throttled",
    "code": "throttled"
}