The Kini API uses JWT (JSON Web Token) authentication to ensure secure access to the API. This mechanism provides a flexible and secure way to handle authentication and eliminates the need for managing passwords directly.
Overview
To authenticate with the Kini API:
- Obtain an access token using your username and password from the
/token/
endpoint. - Include the access token in the
Authorization
header for all API requests. - Refresh the token as needed using the provided
/token/refresh/
endpoint.
Endpoints
1. Obtain Token
Use the POST /token/
endpoint to generate an access and refresh token.
Required Request Body:
{
"username": "your_username",
"password": "your_password"
}
3. Request Headers
Once you have an access token, include it in the Authorization header of your API requests:
Authorization: Bearer <your_access_token>
2. Refresh Token
Use the POST /token/refresh/
endpoint to refresh an expired access token and obtain a new refresh token.
Required Request Body:
{
"refresh": "your_refresh_token"
}
Example Response:
{
"access": "new_access_token",
"refresh": "new_refresh_token"
}
Token Validity
- Access Tokens: Valid for 5 minutes. These are used to authenticate API requests.
- Refresh Tokens: Valid for 24 hours. These are used to obtain new access and refresh tokens without requiring username and password authentication. Each refresh request generates a new refresh token, enhancing security through token rotation.
Best Practices
- Store Tokens Securely:
Store tokens in encrypted storage and avoid exposing them in client-side code or log - Use Token Rotation:
Always replace the old refresh token with the new one returned from/token/refresh/
to minimize security risks. - Handle Token Expiration:
Monitor API responses for expiration errors (HTTP 401) and use the/token/refresh/
endpoint to refresh tokens before expiration. - Reauthenticate When Necessary:
If both the access and refresh tokens expire, reauthenticate using the/token/
endpoint with your username and password.