Authentication
AlertifyPro uses JWT Bearer tokens for API authentication. Tokens are issued by logging in and must be included in every protected request.
Getting a token
curl -X POST http://localhost:3001/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "your_password"
}'
Response:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user_id": "550e8400-e29b-41d4-a716-446655440000",
"org_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7"
}
Using the token
Include it as a Bearer token in the Authorization header:
curl http://localhost:3001/api/v1/services \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Token details
| Property | Value |
|---|---|
| Algorithm | HS256 |
| Expiry | 72 hours from login |
| Claims | user_id, tenant_id (org ID), email, exp, iat |
The tenant_id claim is used internally to scope all requests to the correct organization automatically — you don't need to pass org_id in most requests.
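As an added illustration (not AlertifyPro's own code), this sketch shows what validating a token with the properties in the table involves: pin HS256 instead of trusting the token header, compare the HMAC in constant time, require the listed claims, and reject tokens at or past exp. The secret, claim values and function names are constructed for the example.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("user_id", "tenant_id", "email", "exp", "iat")  # claims from the table

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, secret, alg="HS256"):
    """Build a demo token; an assumption, not how AlertifyPro issues tokens."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify(token, secret, now=None):
    """Return the claims, or raise ValueError naming the reason for rejection."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64d(head))
        given = _b64d(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm: the token's own header must never choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))  # parsed only after the signature checks out
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        raise ValueError(f"missing claims: {missing}")
    if (now if now is not None else time.time()) >= claims["exp"]:
        raise ValueError("expired")
    return claims

# Constructed sample data (not a real AlertifyPro secret or token).
SECRET = b"constructed-demo-secret"
IAT = 1_700_000_000
CLAIMS = {"user_id": "u-1", "tenant_id": "t-1", "email": "user@example.com",
          "iat": IAT, "exp": IAT + 72 * 3600}  # 72-hour expiry, as in the table
TOKEN = sign(CLAIMS, SECRET)
```

Because tenant_id is read only after the signature check passes, a token whose payload was edited to name another organization is rejected before any tenant scoping happens.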
Token expiry
When your token expires you'll receive:
{ "error": "unauthorized" }
Simply log in again to get a fresh token.
Organization context
AlertifyPro is multi-tenant. All data is scoped to your organization. The org_id returned at login corresponds to your tenant ID embedded in the JWT.
If needed, you can also specify the organization via query param ?org=org-slug.
Registration
curl -X POST http://localhost:3001/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "your_password",
"full_name": "Your Name"
}'
Registration creates:
- A new user account
- A default organization ({Your Name}'s Organization) with plan_type: "free" and max 5 services
- Assigns you as the owner of the organization
Security configuration
Tokens are signed with the JWT_SECRET environment variable. Credentials are stored as bcrypt hashes. Service auth credentials are encrypted with AES-256-GCM using the ENCRYPTION_KEY variable.
See Environment Variables for configuration details.