Authentication (Token-Based)
To access protected resources, use the Login API to authenticate users and retrieve a token.
Endpoint
Method: POST
URL: baseUrl/api/v1/auth/login
Headers
Content-Type: application/json
Request Body
Send a JSON object with the following fields:
| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | The unique username of the user, set up during the onboarding step. |
| password | string | Yes | The corresponding 8-character password. |
Example:
{
"username": "cashierUsername",
"password": "password"
}
Response
A successful response returns a JSON object containing an access token. This token must be included in the Authorization header for subsequent requests to protected resources.
Key Attributes
| Field | Type | Description |
|---|---|---|
| accessToken | string | The access token for authentication. |
| role | string | The role of the user in the system, e.g. CASHIER, MERCHANT. |
| fullname | string | The full name of the user set during the onboarding process |
Example
{
"accessToken": "qayb4FLZHtA4Fo307OQgjtApalWP78k175DXpqotkD8",
"role": "MERCHANT",
"fullName": "MERCHANT NAME"
}
Usage Tips
- Keep Your Token Secure: Never expose the `accessToken` in client-side code or logs.
- Token Expiry: The token expires after 24 hours. If your token expires, re-authenticate to obtain a new one.
- Include the Token in Requests: Use the format `Authorization: Bearer <accessToken>` in the header when accessing protected resources.
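The three tips above combined in a server-side client, as an added example that is not part of the original documentation: the token is held in memory only, it is refreshed shortly before the 24-hour expiry, and only a fingerprint of it can reach a log line. `TokenSession`, `http_post_json`, `fingerprint` and the 60-second refresh margin are hypothetical names and assumptions, and the base URL is whatever value your integration was given.

```python
import hashlib
import json
import time
import urllib.request

TOKEN_LIFETIME_SECONDS = 24 * 60 * 60  # expiry stated in the usage tips


def http_post_json(url, payload):
    """POST a JSON body with Content-Type: application/json; return the parsed reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def fingerprint(token):
    """Log-safe stand-in for a token: lets log lines be correlated without exposing it."""
    return "sha256:" + hashlib.sha256(token.encode()).hexdigest()[:8] if token else "<none>"


class TokenSession:
    """Holds the access token in memory only and logs in again before it expires."""

    def __init__(self, base_url, username, password,
                 post=http_post_json, clock=time.time, skew=60):
        self._login_url = base_url.rstrip("/") + "/api/v1/auth/login"
        self._credentials = {"username": username, "password": password}
        self._post, self._clock, self._skew = post, clock, skew  # skew: assumed margin
        self._token, self._expires_at = None, 0.0

    def _login(self):
        body = self._post(self._login_url, self._credentials)
        token = body.get("accessToken")
        if not isinstance(token, str) or not token:
            raise RuntimeError("login response did not contain an accessToken")
        self._token = token
        self._expires_at = self._clock() + TOKEN_LIFETIME_SECONDS

    def auth_headers(self):
        """Headers for a protected request; re-authenticates when the token is near expiry."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._login()
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):  # never renders the token itself or the password
        return "TokenSession(token=" + fingerprint(self._token) + ")"
```

Merge the result of `auth_headers()` into the headers of each request to a protected resource, and log `repr(session)` rather than the headers.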