Authentication

SonicJs has a common token-based authentication system: you log in, obtain a valid token, and supply that token on subsequent API requests.

API Login

  1. To authorize via the API, POST to /api/v1/auth/login with the email and password in the body:

    {
      "email": "[email protected]",
      "password": "password123"
    }
    
  2. The API will return a bearer token

    {
      "bearer": "eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j",
      "expires": 1748197383650
    }
    
  3. You can now access http://localhost:4321/api/v1/auth/user to obtain session and user data for the currently logged-in user:

    {
        "session": {
            "userId": "2026ad2d-2dc2-4187-9809-7ade12d621b1",
            "activeExpires": 1748202525070,
            "idleExpires": 1748202525070,
            "createdOn": 1743018525070,
            "updatedOn": 1743018525070,
            "token": "eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j"
        },
        "user": {
            "id": "2026ad2d-2dc2-4187-9809-7ade12d621b1",
            "firstName": "John",
            "lastName": "Doe",
            "profile": {},
            "email": "[email protected]",
            "role": "admin",
            "createdOn": 1739985219999,
            "updatedOn": 1742332702647
        }
    }
    

Include the Bearer Token

  1. Add the bearer token to the Authorization header on future requests

    const url =
      'http://localhost:8788/v1/posts/c1d462a4-fd10-4bdb-bbf2-2b33a94f82aa'
    const data = {
      data: {
        title: 'Test Post Update',
      },
    }
    const requestOptions = {
      method: 'PUT',
      headers: {
        'Content-Type': 'application/json',
        Authorization: 'Bearer eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j',
      },
      body: JSON.stringify(data),
    }
    fetch(url, requestOptions)
    

Logout

Client Side

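To log out on the client side, delete the stored token. For example, in a React app it might be:

    localStorage.removeItem('bearer')

This only removes the client's copy of the token; it does not delete the session record on the server.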

Server Side

To log out on the server side and delete the session record from the userSessions table, POST to the logout endpoint with the bearer token:

    const url = 'http://localhost:8788/v1/auth/logout'

    const requestOptions = {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        Authorization: 'Bearer eo0t9q52njemo83rm1qktr6kwjh8zu5o3vma1g6j',
      },
    }
    fetch(url, requestOptions)

Expected Response (200):

    {
      "message": "Successfully logged out"
    }
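
The whole flow on this page (login, authenticated request, server-side logout) combined into one small client, as an added example that is not SonicJs code. The names `createAuthClient`, `fetchImpl` and `now`, a base URL ending in `/v1`, reading `expires` as epoch milliseconds, and a 401 status for a rejected token are assumptions.

```javascript
// Added example: minimal token client for the flow above (not SonicJs code).
// Assumptions: baseUrl ends in /v1; `expires` is epoch milliseconds;
// fetchImpl and now are injectable so the flow can run without a server.
function createAuthClient(baseUrl, fetchImpl = fetch, now = () => Date.now()) {
  let session = null // { bearer, expires }, kept in memory only

  // Build headers, refusing to send a token that is already past `expires`.
  function authHeaders() {
    if (!session) throw new Error('not logged in')
    if (now() >= session.expires) {
      session = null
      throw new Error('token expired, log in again')
    }
    return { 'Content-Type': 'application/json', Authorization: `Bearer ${session.bearer}` }
  }

  async function login(email, password) {
    const res = await fetchImpl(`${baseUrl}/auth/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, password }),
    })
    if (!res.ok) throw new Error(`login failed: ${res.status}`)
    const { bearer, expires } = await res.json()
    session = { bearer, expires }
  }

  // Authenticated request; auth headers go last so callers cannot override them.
  async function request(path, options = {}) {
    const res = await fetchImpl(`${baseUrl}${path}`, {
      ...options,
      headers: { ...options.headers, ...authHeaders() },
    })
    if (res.status === 401) session = null // assumed: 401 means token rejected
    return res
  }

  // Delete the server-side session, then drop the local copy even on failure.
  async function logout() {
    try {
      return await request('/auth/logout', { method: 'POST' })
    } finally {
      session = null
    }
  }

  return { login, request, logout, isLoggedIn: () => session !== null }
}
```

Calling `logout()` removes the server-side session record before discarding the local token, so a copy of the token held elsewhere stops working too.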