
Overview

The Ambiotec API uses JSON Web Tokens (JWT) for authentication. After successfully logging in or registering, you’ll receive a JWT token that must be included in subsequent API requests.

Authentication Flow

  1. Register or Login to obtain a JWT token
  2. Include the token in the Authorization header for protected endpoints
  3. Token expires after 8 hours (default)

JWT Token Details

Token Configuration:
  • Secret: Configured via JWT_SECRET environment variable
  • Expiration: 8 hours (configurable via JWT_EXPIRES)
  • Algorithm: HS256 (default)

Token Payload: The JWT contains the following user data:
{
  "usuario_id": 1,
  "usuario_login": "johndoe",
  "usuario_correo": "[email protected]",
  "usuario_nombre": "John",
  "usuario_apellido": "Doe",
  "departamento_id": 5,
  "usuario_celular": "12345678",
  "access_id": 123,
  "profile": null
}

Using the Token

Include the JWT token in the Authorization header with the Bearer scheme:

Authorization: Bearer <your-jwt-token>

Example Request:
curl -X POST https://api.ambiotec.com/api/update-profile \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{"user_id": 1, "username": "johndoe"}'

Authentication Errors

The API returns standard HTTP status codes for authentication errors:
Status Code | Error Message | Description
401 | Token no provisto | No Authorization header provided
401 | Token inválido o caducado | Token is invalid or expired
401 | Credenciales inválidas | Login credentials are incorrect
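
Added example (not Ambiotec's code): a standard-library Python check of a Bearer token under the settings above (HS256, 8-hour lifetime), returning the documented 401 messages, plus a helper showing that the payload can be read without the secret. The `exp` claim name, the handling of a non-Bearer scheme as an invalid token, the function names and the secret value are assumptions; the claims are constructed sample data.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # stands in for JWT_SECRET (constructed value)
LIFETIME = 8 * 3600                   # the documented 8-hour default

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a compact JWT; alg only sets the header, the MAC is always HMAC-SHA256."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def read_payload_without_secret(token: str) -> dict:
    """The payload is base64url-encoded, not encrypted: any token holder can read it."""
    return json.loads(b64url_decode(token.split(".")[1]))

def authenticate(authorization, secret: bytes, now=None):
    """Return (200, claims) or (401, message from the error table)."""
    if not authorization:
        return 401, "Token no provisto"
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "Token inválido o caducado"   # assumption: treated as invalid
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm on the server; never let the token header choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):  # constant-time compare
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
        if (time.time() if now is None else now) >= claims["exp"]:  # exp: assumed claim
            raise ValueError("expired")
    except (ValueError, KeyError, TypeError):
        return 401, "Token inválido o caducado"
    return 200, claims

if __name__ == "__main__":
    tok = sign({"usuario_id": 1, "usuario_login": "johndoe", "exp": time.time() + LIFETIME}, SECRET)
    print(authenticate(f"Bearer {tok}", SECRET))   # constructed token, accepted
    print(authenticate(None, SECRET))              # missing header
```

Because the user fields travel in readable form inside every token, a token written to a URL or log also discloses the e-mail address and phone number it carries.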

Endpoints

Register

Create a new user account and receive a JWT token

Login

Authenticate with existing credentials

Security Best Practices

  • Store tokens securely (e.g., httpOnly cookies, secure storage)
  • Never expose tokens in URLs or logs
  • Implement token refresh before expiration
  • Use HTTPS for all API requests
  • Handle token expiration gracefully in your application
