Authentication
Token And Logout
Connect-token flow, expiration handling, and logout.
Get Access Token
Call the connect-token endpoint to get an access token:
/connect/token returns access_token and expired_at only.
For this flow, when the access token expires, request a new token from /connect/token.
Logout
POST /api/v1/auth/logout
Invalidates the current access token.
Required headers
| Header | Required | Notes |
|---|---|---|
Authorization: Bearer <current_access_token> | Yes | Even though the route is whitelisted in middleware, the handler still requires this header. |
Request body
No body is required.
Success response
{
"status_code": 200,
"message": "Logout successful",
"data": null
}
Token Usage On Protected Routes
After you get an access token from connect-token, call protected routes like:
GET /api/v1/mobile_user/profilePUT /api/v1/mobile_user/profile
using:
Authorization: Bearer <access_token>