Authentication
Crucible uses JWT (JSON Web Tokens) for API authentication. Learn how to obtain and use access tokens.
Overview
The Crucible API authenticates requests with JWTs. You obtain tokens by signing in, then include the access token in API requests via the Authorization header.
Obtaining Tokens
Sign In Endpoint
POST /api/auth/token
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password"
}
Response:
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600
}
Using Tokens
Include the access token in the Authorization header of all authenticated requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Refreshing Tokens
Access tokens expire after 1 hour. Use the refresh token to obtain a new access token:
POST /api/auth/refresh
Authorization: Bearer {refresh_token}
Token Expiration
- Access Token: Expires after 1 hour
- Refresh Token: Expires after 7 days
- Response: 401 Unauthorized when token expires
Example
// Sign in
const response = await fetch('https://api.roundtablelabs.ai/api/auth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'password'
  })
});
// Stop if sign-in was rejected, so no request goes out with an undefined token
if (!response.ok) {
  throw new Error(`Sign-in failed: ${response.status}`);
}
const { access_token } = await response.json();

// Use token in API requests
const sessions = await fetch('https://api.roundtablelabs.ai/api/sessions', {
  headers: {
    'Authorization': `Bearer ${access_token}`
  }
});
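
The refresh and 401 handling described under Refreshing Tokens and Token Expiration, written as a small client. This is an added example, not Crucible's own code: `createCrucibleClient`, `fetchImpl` and `now` are hypothetical names, and it assumes the refresh endpoint returns `access_token` and `expires_in` in the same shape as sign-in, which the page does not specify.

```javascript
// Added example; createCrucibleClient, fetchImpl and now are hypothetical names.
// Assumption: POST /api/auth/refresh returns { access_token, expires_in }.
function createCrucibleClient({ baseUrl, fetchImpl = fetch, now = Date.now }) {
  let accessToken = null;
  let refreshToken = null;
  let expiresAt = 0; // epoch ms after which the access token is treated as stale
  function store(tokens) {
    accessToken = tokens.access_token;
    if (tokens.refresh_token) refreshToken = tokens.refresh_token;
    expiresAt = now() + (tokens.expires_in - 30) * 1000; // refresh 30 s early
  }

  async function signIn(email, password) {
    const res = await fetchImpl(`${baseUrl}/api/auth/token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, password })
    });
    if (!res.ok) throw new Error(`sign-in failed: ${res.status}`);
    store(await res.json());
  }

  async function refresh() {
    const res = await fetchImpl(`${baseUrl}/api/auth/refresh`, {
      method: 'POST', headers: { Authorization: `Bearer ${refreshToken}` }
    });
    if (!res.ok) { // refresh token expired or rejected: force a new sign-in
      accessToken = refreshToken = null;
      throw new Error(`refresh failed: ${res.status}`);
    }
    store(await res.json());
  }

  async function request(path, init = {}) {
    if (!accessToken) throw new Error('not signed in');
    if (now() >= expiresAt) await refresh(); // proactive refresh before sending
    const send = () => fetchImpl(`${baseUrl}${path}`, {
      ...init,
      headers: { ...init.headers, Authorization: `Bearer ${accessToken}` }
    });
    let res = await send();
    if (res.status === 401) { // server says expired: refresh once, retry once
      await refresh();
      res = await send();
    }
    return res;
  }
  return { signIn, refresh, request };
}
```

Tokens are held only in the closure, never written to storage, and a failed refresh clears both so the caller has to sign in again.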