Login Flows

CRYMBO Connect provides a secure login system using email and password authentication combined with JWT (JSON Web Tokens) for session management.

Endpoints

| Endpoint | Method | Purpose |
|---|---|---|
| /v1/auth/login | POST | Authenticate user and issue JWT token |
| /v1/auth/logout | POST | Invalidate session token |
| /v1/auth/refresh-token | POST | Obtain a new access token (session refresh) |

Flow Overview

  1. Login

    • User submits email and password.
    • If valid, a JWT token is issued.
    • Token must be included in Authorization headers (Bearer <token>) for all protected API calls.
  2. Logout

    • Client calls /v1/auth/logout to invalidate the token.
    • Session is securely closed.
  3. Refresh Token

    • Clients may call /v1/auth/refresh-token before token expiration to refresh their session without requiring re-login.

Security Notes

  • All tokens are time-limited and cryptographically signed.
  • MFA can be enforced after password verification.
  • Refresh tokens can be disabled institution-wide for enhanced security if needed.
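
The client side of the flow above, as an added example that is not CRYMBO's own code: it reads the `exp` claim from the JWT to decide whether to keep using the token, call /v1/auth/refresh-token, or log in again. Assumptions: the token is a compact JWT carrying a standard numeric `exp` claim, an expired token requires a fresh login, and the 60-second margin, function names and sample token are hypothetical.

```python
import base64
import json
import time
from typing import Optional

REFRESH_MARGIN = 60  # seconds before expiry at which to refresh (assumed value)

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_expiry(token: str) -> int:
    # Reads `exp` (Unix seconds) WITHOUT verifying the signature. This is only
    # for client-side scheduling; the server stays the authority on validity.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not valid base64url JSON") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("JWT has no numeric exp claim")
    return int(exp)

def next_action(token: str, now: Optional[float] = None,
                margin: int = REFRESH_MARGIN, refresh_enabled: bool = True) -> str:
    # Decide what to do before the next protected API call.
    now = time.time() if now is None else now
    remaining = token_expiry(token) - now
    if remaining <= 0:
        return "login"    # expired: POST /v1/auth/login again (assumption)
    if remaining <= margin and refresh_enabled:
        return "refresh"  # POST /v1/auth/refresh-token before expiration
    return "use"          # still valid, or refresh disabled institution-wide

def auth_headers(token: str) -> dict:
    # Header format from the Flow Overview: Authorization: Bearer <token>
    return {"Authorization": f"Bearer {token}"}

def make_sample_token(exp: int) -> str:
    # Constructed sample for the demo only; "sig" is a dummy signature segment.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "HS256", "typ": "JWT"})}.{enc({"sub": "user@example.com", "exp": exp})}.sig'
```

Pass `refresh_enabled=False` when the institution has disabled refresh tokens, so the client keeps using the token until it expires and then returns to the login step.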