Authentication
SonicJs has a common token-based authentication system that lets you log in, obtain a valid token, and supply that token to subsequent API requests.
API Login
- To authorize via the API, send a POST request to /api/v1/auth/login with the email and password in the body:

  {
    "email": "[email protected]",
    "password": "password123"
  }
- The API will return a bearer token:

  {
    "bearer": "eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j",
    "expires": 1748197383650
  }
- You can now access http://localhost:4321/api/v1/auth/user to obtain session and user data for the currently logged-in user:

  {
    "session": {
      "userId": "2026ad2d-2dc2-4187-9809-7ade12d621b1",
      "activeExpires": 1748202525070,
      "idleExpires": 1748202525070,
      "createdOn": 1743018525070,
      "updatedOn": 1743018525070,
      "token": "eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j"
    },
    "user": {
      "id": "2026ad2d-2dc2-4187-9809-7ade12d621b1",
      "firstName": "John",
      "lastName": "Doe",
      "profile": {},
      "email": "[email protected]",
      "role": "admin",
      "createdOn": 1739985219999,
      "updatedOn": 1742332702647
    }
  }
Include the Bearer Token
- Add the bearer token to the Authorization header on future requests:

  const url = 'http://localhost:8788/v1/posts/c1d462a4-fd10-4bdb-bbf2-2b33a94f82aa'
  const data = {
    data: {
      title: 'Test Post Update',
    },
  }
  const requestOptions = {
    method: 'PUT',
    headers: {
      'Content-Type': 'application/json',
      Authorization: 'Bearer eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j',
    },
    body: JSON.stringify(data),
  }
  fetch(url, requestOptions)
Logout
Client Side
To log out, simply delete the token on the client side. For example, in a React app it might be:
localStorage.removeItem('bearer')
Server Side
To log out on the server side and delete the session record from the userSessions table:
const url = 'http://localhost:8788/v1/auth/logout'
const requestOptions = {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    Authorization: 'Bearer eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j',
  },
}
fetch(url, requestOptions)
Expected Response (200):
{
  "message": "Successfully logged out"
}
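
The login, bearer-header and logout steps above combined into one small client, as an added example that is not SonicJs project code. `createAuthClient`, its options and the injected `fetchImpl` are hypothetical names, and it assumes `expires` is a millisecond epoch timestamp.

```javascript
// Added example, not SonicJs project code. createAuthClient, its options and
// fetchImpl are hypothetical names; the endpoint URLs are passed in by the caller.
function createAuthClient({ loginUrl, logoutUrl, fetchImpl = globalThis.fetch, now = Date.now }) {
  let session = null // { bearer, expires }, held in memory only

  // Assumption: `expires` is a millisecond epoch timestamp.
  const isActive = () => session !== null && now() < session.expires

  function authHeaders() {
    // Never send a token that is already past its stated expiry.
    if (!isActive()) {
      session = null
      throw new Error('No active session: log in again')
    }
    return { 'Content-Type': 'application/json', Authorization: `Bearer ${session.bearer}` }
  }

  async function login(email, password) {
    const res = await fetchImpl(loginUrl, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, password }),
    })
    if (!res.ok) throw new Error(`Login failed with status ${res.status}`)
    const body = await res.json()
    if (typeof body.bearer !== 'string' || typeof body.expires !== 'number') {
      throw new Error('Login response is missing bearer or expires')
    }
    session = { bearer: body.bearer, expires: body.expires }
  }

  async function logout() {
    if (session === null) return false
    const bearer = session.bearer
    session = null // drop the local copy whatever the server answers
    // Server-side logout deletes the session record; deleting the token
    // on the client alone leaves that record in place.
    const res = await fetchImpl(logoutUrl, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${bearer}` },
    })
    return res.ok // true only when the server confirmed the logout
  }

  return { login, logout, authHeaders, isActive }
}
```

Passing a stub as `fetchImpl` lets the flow be exercised without a running server; in a browser or Node 18+ the default global `fetch` is used.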