
Introduction

ServITech uses JWT (JSON Web Tokens) for secure API authentication. This system provides stateless authentication, allowing clients to authenticate once and receive a token for subsequent requests.

Authentication Flow

  1. Register - Create a new user account with email, password, name, and phone
  2. Login - Authenticate with email and password to receive a JWT token
  3. Authorized Requests - Include the JWT token in the Authorization header
  4. Logout - Invalidate the current token (optional)
  5. Password Reset - Request a password reset link via email
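The five steps above as a small client, added here as an illustration rather than code shipped by ServITech. It assumes the API speaks JSON, that the login response carries the token in a field named `token` (the page does not say), and uses a placeholder base URL; the `RecordingTransport` is a constructed stand-in for the server so the flow can be run offline.

```python
# Added example (not ServITech's code): a client that walks the documented
# register -> login -> authorized request -> logout -> password reset flow.
# The transport is injectable so the flow can be exercised without a server.
import json
import urllib.request
from typing import Any, Callable, Dict, List, Optional, Tuple

Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, Any]]


def http_transport(base_url: str) -> Transport:
    """Real transport over urllib; used when no fake transport is supplied."""
    def send(method: str, path: str, headers: Dict[str, str], body: Optional[dict]):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method, headers=headers)
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else {})
    return send


class RecordingTransport:
    """Constructed stand-in for the API: records every request, answers
    /auth/login with a constructed token (the 'token' field name is an
    assumption) and rejects /user/* requests that lack the right bearer token."""

    def __init__(self, token: str = "constructed.jwt.token") -> None:
        self.calls: List[Tuple[str, str, Dict[str, str], Optional[dict]]] = []
        self.token = token

    def __call__(self, method: str, path: str, headers: Dict[str, str], body: Optional[dict]):
        self.calls.append((method, path, dict(headers), body))
        if path == "/auth/login":
            return 200, {"token": self.token}
        if path.startswith("/user/") and headers.get("Authorization") != f"Bearer {self.token}":
            return 401, {"message": "Unauthenticated."}
        return 200, {}


class ServITechClient:
    def __init__(self, base_url: str, transport: Optional[Transport] = None, lang: str = "en"):
        self.token: Optional[str] = None
        self.lang = lang                      # sent as Accept-Language (en or es per the page)
        self._send = transport or http_transport(base_url.rstrip("/"))

    def _request(self, method: str, path: str, body: Optional[dict] = None, auth: bool = False):
        headers = {"Accept": "application/json", "Accept-Language": self.lang}
        if body is not None:
            headers["Content-Type"] = "application/json"
        if auth:                              # protected route: attach the bearer token
            if not self.token:
                raise PermissionError("login first: no token held")
            headers["Authorization"] = f"Bearer {self.token}"
        status, payload = self._send(method, path, headers, body)
        if status >= 400:
            raise RuntimeError(f"{method} {path} -> {status}: {payload}")
        return payload

    def register(self, email: str, password: str, name: str, phone: str):   # step 1
        return self._request("POST", "/auth/register",
                             {"email": email, "password": password, "name": name, "phone": phone})

    def login(self, email: str, password: str) -> str:                       # step 2
        payload = self._request("POST", "/auth/login", {"email": email, "password": password})
        self.token = payload["token"]         # assumed field name in the login response
        return self.token

    def get(self, path: str):                                                # step 3
        return self._request("GET", path, auth=True)

    def logout(self) -> None:                                                # step 4
        self._request("POST", "/auth/logout", auth=True)
        self.token = None                     # the server blacklists it; drop it locally too

    def request_password_reset(self, email: str):                            # step 5
        return self._request("POST", "/auth/reset-password", {"email": email})


if __name__ == "__main__":
    fake = RecordingTransport()
    client = ServITechClient("https://api.example.invalid", transport=fake)  # placeholder URL
    client.register("ana@example.com", "s3cret", "Ana", "555-0100")          # constructed user
    client.login("ana@example.com", "s3cret")
    client.get("/user/me")                    # hypothetical /user/* route
    client.logout()
    for method, path, headers, _ in fake.calls:
        print(method, path, headers.get("Authorization", "(no token)"))
```

Public endpoints are called without the header, and a protected call before login fails locally instead of producing a 401 round trip.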

JWT Token Details

The ServITech API uses the tymon/jwt-auth package with the following configuration:
  • Algorithm (string, default: HS256) - HMAC SHA-256 signing algorithm for token security
  • Token Expiration (integer, default: 60 minutes) - Default token lifetime (configurable via the JWT_TTL environment variable)
  • Refresh Window (integer, default: 20160 minutes, i.e. 2 weeks) - Time window within which an expired token can still be refreshed
  • Blacklist (boolean, default: true) - Token blacklist enabled so that logout invalidates the current token

Token Claims

Each JWT token includes the following required claims:
  • iss - Issuer (your API)
  • iat - Issued at timestamp
  • exp - Expiration timestamp
  • nbf - Not before timestamp
  • sub - Subject (user ID)
  • jti - JWT ID (unique token identifier)

Protected Routes

Some endpoints require authentication. Include the JWT token in the Authorization header of your requests:
Authorization: Bearer {your-jwt-token}
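The token details, the six required claims and the bearer header above, worked through in code. This is an added example, not ServITech's or tymon/jwt-auth's code: it mints and checks an HS256 token with only the standard library, keeps a jti blacklist for logout, and checks the refresh window. The issuer string and the secret are placeholders; the refresh window is measured from the token's iat claim, which is how tymon/jwt-auth applies its refresh_ttl.

```python
# Added example (not ServITech's code): HS256 tokens with the documented claims,
# expiry/not-before checks, a jti blacklist for logout and a refresh-window check.
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Optional, Set

ALGORITHM = "HS256"               # page default
TTL_MINUTES = 60                  # page default (JWT_TTL)
REFRESH_WINDOW_MINUTES = 20160    # page default (2 weeks)
ISSUER = "servitech-api"          # placeholder: the page only says "your API"
REQUIRED_CLAIMS = ("iss", "iat", "exp", "nbf", "sub", "jti")


class TokenError(Exception):
    """Raised whenever a token must be rejected."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, user_id: int, now: Optional[int] = None) -> str:
    """Build header.payload.signature carrying the six required claims."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": ALGORITHM}
    claims = {
        "iss": ISSUER,
        "iat": now,
        "exp": now + TTL_MINUTES * 60,
        "nbf": now,
        "sub": str(user_id),
        "jti": uuid.uuid4().hex,  # unique per token so a single token can be revoked
    }
    h64 = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    c64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{h64}.{c64}"
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(secret: bytes, token: str, blacklist: Set[str],
                 now: Optional[int] = None) -> dict:
    """Accept only a correctly signed, current, non-revoked HS256 token."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h64, c64, s64 = parts
    try:
        header = json.loads(_b64url_decode(h64))
        signature = _b64url_decode(s64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenError("undecodable token") from exc
    # Pin the algorithm server-side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != ALGORITHM:
        raise TokenError("unexpected algorithm")
    expected = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise TokenError("bad signature")
    try:
        claims = json.loads(_b64url_decode(c64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenError("undecodable claims") from exc
    missing = [name for name in REQUIRED_CLAIMS if name not in claims]
    if missing:
        raise TokenError(f"missing claims: {missing}")
    if claims["iss"] != ISSUER:
        raise TokenError("wrong issuer")
    if now < claims["nbf"]:
        raise TokenError("token not yet valid")
    if now >= claims["exp"]:
        raise TokenError("token expired")
    if claims["jti"] in blacklist:
        raise TokenError("token revoked")
    return claims


def rejection_reason(secret: bytes, token: str, blacklist: Set[str], now: int) -> Optional[str]:
    """None when the token is accepted, otherwise the reason it was rejected."""
    try:
        verify_token(secret, token, blacklist, now)
        return None
    except TokenError as exc:
        return str(exc)


def can_refresh(claims: dict, now: int) -> bool:
    """An expired token may still be exchanged for a new one inside the
    refresh window, counted from its iat (how tymon/jwt-auth applies refresh_ttl)."""
    return now < claims["iat"] + REFRESH_WINDOW_MINUTES * 60


def logout(blacklist: Set[str], claims: dict) -> None:
    """Logout with the blacklist enabled: remember the jti so the token is refused."""
    blacklist.add(claims["jti"])


def bearer_token(headers: dict) -> str:
    """Extract the token from 'Authorization: Bearer {your-jwt-token}'."""
    scheme, _, token = headers.get("Authorization", "").strip().partition(" ")
    if scheme != "Bearer" or not token.strip():
        raise TokenError("missing bearer token")
    return token.strip()


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # placeholder signing key
    revoked: Set[str] = set()
    tok = issue_token(secret, user_id=42)
    claims = verify_token(secret, bearer_token({"Authorization": f"Bearer {tok}"}), revoked)
    print("accepted for user", claims["sub"], "until", claims["exp"])
    logout(revoked, claims)
    print("after logout:", rejection_reason(secret, tok, revoked, int(time.time())))
```

Three checks here are the ones a practitioner reviews first: the algorithm is pinned rather than read from the token, the HMAC is compared in constant time, and logout only works because every token carries a unique jti that the blacklist can refer to.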

Public Endpoints

  • POST /auth/login - User login
  • POST /auth/register - User registration
  • POST /auth/reset-password - Send password reset link
  • PUT /auth/reset-password - Reset password with token

Protected Endpoints

  • POST /auth/logout - User logout (requires valid token)
  • All /user/* routes - User profile management
  • All /support-request/* routes - Support ticket management

Admin-Only Endpoints

Require authentication AND the admin role:
  • All /category/* routes
  • All /repair-request/* routes

Localization

The API supports localization through the Accept-Language header. Supported languages include en (English) and es (Spanish).

User Roles

The system supports role-based access control:
  • USER - Default role assigned on registration
  • ADMIN - Administrative role with elevated permissions

Next Steps

  • Login - Authenticate and receive a JWT token
  • Register - Create a new user account
  • JWT Tokens - Learn about token lifecycle and management
  • Password Reset - Reset forgotten passwords
