HyperSaaS

JWT Tokens

JSON Web Token configuration and usage.

Configuration

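from datetime import timedelta

SIMPLE_JWT = {
    # Clients send "Authorization: JWT <token>" rather than "Bearer <token>".
    "AUTH_HEADER_TYPES": ("JWT",),
    "ACCESS_TOKEN_LIFETIME": timedelta(hours=100),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=14),
    # In Simple JWT this only takes effect when ROTATE_REFRESH_TOKENS is True
    # and the token blacklist app is installed.
    "BLACKLIST_AFTER_ROTATION": True,
}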

| Setting | Value | Description |
| AUTH_HEADER_TYPES | ("JWT",) | Use Authorization: JWT <token> header |
| ACCESS_TOKEN_LIFETIME | 100 hours | How long an access token is valid |
| REFRESH_TOKEN_LIFETIME | 14 days | How long a refresh token is valid |
| BLACKLIST_AFTER_ROTATION | True | Old refresh tokens are invalidated after use |

Endpoints

All JWT endpoints are under /auth/:

Obtain Token

POST /auth/jwt/create/

Request:

{
  "email": "user@example.com",
  "password": "your-password"
}

Response:

{
  "access": "eyJ0eXAiOiJKV1Q...",
  "refresh": "eyJ0eXAiOiJKV1Q..."
}

Refresh Token

POST /auth/jwt/refresh/

Request:

{
  "refresh": "eyJ0eXAiOiJKV1Q..."
}

Response:

{
  "access": "eyJ0eXAiOiJKV1Q..."
}

Verify Token

POST /auth/jwt/verify/

Request:

{
  "token": "eyJ0eXAiOiJKV1Q..."
}

Returns 200 OK if valid, 401 Unauthorized if expired or invalid.

Usage

Include the JWT in the Authorization header for all API requests:

curl -H "Authorization: JWT eyJ0eXAiOiJKV1Q..." \
  http://localhost:8000/api/workspaces/
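
The endpoints and header above combined into one client, added here as an example (not HyperSaaS code): it logs in via /auth/jwt/create/, sends Authorization: JWT <access>, and on a 401 calls /auth/jwt/refresh/ once before retrying. JWTClient, http_transport and the injectable transport parameter are hypothetical names chosen for this sketch.

```python
import json
import urllib.error
import urllib.request


def http_transport(method, url, body=None, headers=None):
    """Send one JSON request; return (status, parsed JSON body)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


class JWTClient:  # hypothetical helper, not part of HyperSaaS
    def __init__(self, base_url, transport=http_transport):
        self.base, self.send = base_url.rstrip("/"), transport
        self.access = self.refresh = None

    def _tokens(self, path, payload):
        """POST to a token endpoint and store whatever tokens it returns."""
        status, body = self.send("POST", self.base + path, payload, {})
        if status != 200:
            # Bad credentials, or an expired/invalid refresh token: log in again.
            raise PermissionError(f"{path} returned {status}")
        self.access = body["access"]
        # The refresh response shown on this page has no "refresh" key,
        # so the stored refresh token is kept unless a new one arrives.
        self.refresh = body.get("refresh", self.refresh)

    def login(self, email, password):
        self._tokens("/auth/jwt/create/", {"email": email, "password": password})

    def request(self, method, path, body=None):
        """Call an API path; on 401 refresh the access token once and retry."""
        for attempt in (1, 2):
            auth = {"Authorization": f"JWT {self.access}"}
            status, data = self.send(method, self.base + path, body, auth)
            if status != 401 or attempt == 2:
                return status, data
            self._tokens("/auth/jwt/refresh/", {"refresh": self.refresh})
```

With the default transport, JWTClient("http://localhost:8000").login(...) followed by request("GET", "/api/workspaces/") reproduces the curl call above.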
