Generate an Access Token
POST/auth/api/v1/accounts/token
Generates a new Access Token using the Refresh Token, so you can keep using the system without having to log in again with your username and password.
A Few Tips for Managing Your Access Token
When you make a request to the Login API, you'll receive two tokens:
- Access Token: Valid for 45 minutes, and used to interact with our systems.
- Refresh Token: Has a much longer validity period, so you can stay connected without needing to re-authenticate.
How to Use the Tokens:
Access Token:
- Make sure to use the access token within its 45-minute validity window.
- If the token expires while you're using it, the system will respond with a 401 error.
If You Get a 401 Error (Token Expired):
- A 401 response means your access token has expired.
- When that happens, immediately call the
/tokenendpoint. - Provide the refresh token you received during login.
- The
/tokenendpoint will return a new access token you can use.
Alternative Login Method
You can also log in using Basic Authentication by sending your authorization token, which is a username:password string encoded in Base64.
With this method, the system will handle token rotation automatically.
⚙️ General Example (Pseudocode)
IF access_token is expired:
CALL /token endpoint WITH refresh_token
STORE new access_token
ELSE:
USE access_token IN headers
IF no access_token stored:
ENCODE username:password TO base64
SEND login request to /auth/api/v1/accounts/login
RECEIVE access_token and refresh_token
STORE both tokens
💻 Code Examples
🐍 Python (requests)
import requests
from base64 import b64encode
username = "johndoe"
password = "your_password"
auth_string = f"{username}:{password}"
headers = {
"Authorization": "Basic " + b64encode(auth_string.encode()).decode()
}
res = requests.post("{{BASE_URL}}/auth/api/v1/accounts/login", headers=headers)
tokens = res.json()
access_token = tokens["access"]
refresh_token = tokens["refresh"]
⚡ JavaScript (fetch)
const username = "johndoe";
const password = "your_password";
const base64 = btoa(`${username}:${password}`);
fetch("{{BASE_URL}}/auth/api/v1/accounts/login", {
method: "POST",
headers: {
"Authorization": `Basic ${base64}`
}
})
.then(res => res.json())
.then(tokens => {
const access = tokens.access;
const refresh = tokens.refresh;
// Store and use tokens
});
💻 cURL
curl -X POST https://{{BASE_URL}}/auth/api/v1/accounts/login \
-H "Authorization: Basic $(echo -n 'username:password' | base64)"
🚨 Important Warning
Warning:
The login system is integrated with Google Firebase, so don’t try to generate a new Access Token every time you make a request!
Make sure to store and reuse tokens when possible, and only refresh when needed — excessive token generation could be flagged as suspicious activity by Google and result in temporary or permanent account suspension.
Request
Responses
- 200