| title | description | category | tags | updated-date | difficulty-level |
|---|---|---|---|---|---|
| Authentication (DEPRECATED - JWT NOT USED) | | reference | | 2025-12-18 | advanced |

This document describes JWT authentication, which is NOT used by VisionFlow.

Current Authentication: VisionFlow uses the Nostr protocol (NIP-01, NIP-07) for decentralized authentication.

For Current Documentation, see:

- Primary: `/docs/guides/features/nostr-auth.md` - Nostr authentication implementation
- Architecture: `/docs/architecture/overview.md` - Authentication section

VisionFlow API uses JWT (JSON Web Tokens) for authentication.

```mermaid
sequenceDiagram
    participant Client
    participant API
    Client->>API: POST /auth/login
    API->>Client: JWT Token
    Client->>API: Request + JWT
    API->>Client: Response
```

Endpoint: `POST /api/auth/login`

Request:

```json
{
  "email": "user@example.com",
  "password": "password123"
}
```

Response:

```json
{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "id": "uuid",
      "email": "user@example.com",
      "role": "user"
    }
  }
}
```

Include JWT in Authorization header:

```bash
curl -H "Authorization: Bearer YOUR-JWT-TOKEN" \
  http://localhost:9090/api/projects
```

Generate API keys for programmatic access:

```bash
curl -X POST http://localhost:9090/api/auth/api-keys \
  -H "Authorization: Bearer YOUR-JWT-TOKEN"
```

Use API keys:

```bash
curl -H "X-API-Key: YOUR-API-KEY" \
  http://localhost:9090/api/projects
```

- JWT tokens expire in 24 hours
- Refresh tokens expire in 30 days
- Use `/auth/refresh` to get new tokens

- Semantic Features API Reference
- Pathfinding API Examples
- Database Schema Reference
- VisionFlow Binary WebSocket Protocol
- WebSocket Binary Protocol Reference
- Store tokens securely
- Use HTTPS in production
- Rotate API keys regularly
- Never commit tokens to git