Authentication
Learn how to authenticate your requests to the CRM Dashboard API.
Authentication Methods
Bearer Token Authentication
All API requests must include an Authorization header with a valid Bearer token:
Authorization: Bearer your_access_token
Obtaining Access Tokens
To obtain an access token, make a POST request to the authentication endpoint:
POST /api/auth/token
{
  "email": "your.email@example.com",
  "password": "your_password"
}
Token Management
Token Expiration
Access tokens are valid for 24 hours. You should implement token refresh logic in your application to maintain continuous access.
Refreshing Tokens
To refresh an expired token, make a POST request to the refresh endpoint:
POST /api/auth/refresh
{
  "refresh_token": "your_refresh_token"
}
Security Best Practices
- Never share your access tokens or include them in client-side code
- Implement proper token storage and handling in your application
- Rotate refresh tokens periodically for enhanced security
- Use HTTPS for all API requests to ensure data encryption
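The token lifecycle described above, as an added example that is not part of the CRM Dashboard API documentation: a Python helper that logs in through /api/auth/token, renews through /api/auth/refresh shortly before the 24-hour limit, refuses a non-HTTPS base URL, and keeps tokens in memory only. The reply field names access_token and refresh_token, the 5-minute renewal margin, and the names https_post and TokenManager are assumptions, since the page does not show the response body.

```python
import json
import time
import urllib.request

TOKEN_LIFETIME = 24 * 60 * 60  # from the page: access tokens last 24 hours
REFRESH_MARGIN = 5 * 60        # assumption: renew 5 minutes early


def https_post(base_url):
    """Build post(path, body) for the API; refuses a non-HTTPS base URL."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("API base URL must use HTTPS")
    def post(path, body):
        req = urllib.request.Request(
            base_url.rstrip("/") + path, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return post


class TokenManager:
    """Holds tokens in memory only and renews them before they expire."""

    def __init__(self, post, email, password, clock=time.monotonic):
        self._post, self._clock = post, clock
        self._email, self._password = email, password
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, reply):
        # Assumed reply fields; the page does not document the response body.
        self._access = reply["access_token"]
        # Keep a rotated refresh token if the server issues a new one.
        self._refresh = reply.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + TOKEN_LIFETIME - REFRESH_MARGIN

    def auth_header(self):
        if self._access is None or self._clock() >= self._expires_at:
            if self._refresh:
                path, body = "/api/auth/refresh", {"refresh_token": self._refresh}
            else:
                path, body = "/api/auth/token", {
                    "email": self._email, "password": self._password}
            self._store(self._post(path, body))
        return {"Authorization": f"Bearer {self._access}"}

    def __repr__(self):  # keep token values out of logs and tracebacks
        return "<TokenManager tokens=redacted>"
```

Pass the result of https_post(...) with your own base URL as the first argument, and load the email and password from the environment or a secrets manager rather than from source code.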