Authentication
FileVerbs API offers two primary methods for authentication, ensuring secure access for both machine-to-machine communication and user-level access.
1. Machine-to-Machine Communication
The Machine-to-Machine Communication method is designed for seamless, secure interactions between servers or applications. Users can authenticate their requests by including the SecretKey in the request headers. The SecretKey is a unique, persistent key specifically generated for secure communication, ensuring that your machine-to-machine processes remain protected. This key does not expire unless manually reset by the user in the FileVerbs portal, offering flexibility and long-term security for automated systems.
Request Example (cURL):
curl -X GET https://api.fileverbs.com/api/v1/endpoint \
-H "SecretKey: eyJhbGci..."
This method is ideal for direct, secure communications between servers, ensuring consistent and uninterrupted access to the FileVerbs API.
Note: You can find the SecretKey in the FileVerbs portal after logging in. Navigate to Integration -> API Secret to retrieve the key.
2. Bearer Token Authentication (JWT)
This method allows users to generate a JWT Bearer Token by passing their SecretKey and APIKey in the request body to the access token endpoint.
Note: You can find the APIKey in the portal by navigating to Integration -> Access Token. The APIKey is used in combination with the SecretKey to generate the JWT Bearer Token, which can then be used to authenticate subsequent API requests securely.
Token Generation Endpoint:
POST https://api.fileverbs.com/api/v1/accounts/access-token
Request Example (cURL):
curl -X POST https://api.fileverbs.com/api/v1/accounts/access-token \
-H "Content-Type: application/json" \
-d '{
"SecretKey": "eyJhbGci...",
"APIKey": "jgJhbSag..."
}'
Once the Bearer Token is generated, it should be passed in the Authorization header as Bearer {jwt-token} for subsequent API calls.
Request Example with Bearer Token (cURL):
curl -X GET https://api.fileverbs.com/api/v1/your-endpoint \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
API Response Fields:
The table below explains each field in the API response:
Field | Description |
---|---|
Id | Unique identifier for the user. |
FirstName | The first name of the user. |
LastName | The last name of the user. |
Email | The email address of the user. |
Role | The role of the user in the system (e.g., Admin, User). |
IsVerified | Indicates whether the user’s email is verified (true/false). |
JwtToken | The access token (JWT) that must be sent in the Authorization header for authenticated API requests. Example: Bearer eyJhbGciOiJIUzI1NiIsIn... |
RefreshToken | A token that can be used to refresh the JWT when it expires. |
API Response Example:
{
"Id": "user123",
"FirstName": "John",
"LastName": "Doe",
"Email": "johndoe@example.com",
"Role": "Admin",
"IsVerified": true,
"JwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"RefreshToken": "d2dfsdgfh6dfg34tgsd..."
}
Token Expiration and Refresh
- Bearer Token: Typically short-lived and should be refreshed periodically.
- Refresh Token: A refresh token is stored in an HTTP-only cookie for added security. It can be used to obtain a new Bearer Token without requiring a user login.
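A client-side sketch of the token flow above, added here as an example and not FileVerbs' own code: it builds the documented access-token request, caches the returned JwtToken, and requests a new one shortly before expiry. Assumptions: the JWT carries a standard `exp` claim (the page does not say so), and the environment variable names, `TokenCache`, and the helper functions are hypothetical.

```python
import base64, json, os, time
import urllib.request

TOKEN_URL = "https://api.fileverbs.com/api/v1/accounts/access-token"  # from the page

def build_token_request(secret_key, api_key):
    """POST with SecretKey and APIKey in the JSON body, as documented above."""
    body = json.dumps({"SecretKey": secret_key, "APIKey": api_key}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def fetch_from_api():
    """Keys come from the environment (hypothetical variable names), not source code."""
    req = build_token_request(os.environ["FILEVERBS_SECRET_KEY"],
                              os.environ["FILEVERBS_API_KEY"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def jwt_expiry(jwt_token):
    """Return the `exp` claim (assumed present, RFC 7519) or None.
    The signature is NOT verified: use this only to schedule a refresh."""
    try:
        part = jwt_token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        exp = claims.get("exp")
        return float(exp) if isinstance(exp, (int, float)) else None
    except (IndexError, ValueError, AttributeError):
        return None

class TokenCache:
    """Reuses the JwtToken until `skew` seconds before it expires."""
    def __init__(self, fetch=fetch_from_api, skew=60):
        self._fetch, self._skew = fetch, skew
        self._jwt, self._exp = None, 0.0

    def auth_header(self, now=None):
        now = time.time() if now is None else now
        if self._jwt is None or now >= self._exp - self._skew:
            self._jwt = self._fetch()["JwtToken"]
            # No readable exp: mark as already stale so the next call refetches.
            self._exp = jwt_expiry(self._jwt) or now
        return {"Authorization": "Bearer " + self._jwt}
```

Pass the result of `TokenCache().auth_header()` as the headers of each API request; the SecretKey and APIKey then leave the process only when a new token is needed.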