API Authentication
Learn how to authenticate with the BotLaunch API using JWT tokens. Secure your requests and manage access to your resources.
Secure, stateless authentication using JSON Web Tokens.
Access tokens expire after 1 hour, refresh tokens after 7 days.
Use refresh tokens to obtain new access tokens seamlessly.
Authentication Flow
Follow these steps to authenticate and make secure API requests.
Login
Obtain tokens with your credentials
Store Tokens
Store both tokens securely
Make Requests
Add the token to the request headers
Refresh
Get a new token when the current one expires
Authentication Endpoints
/api/auth/login
Authenticate a user and receive access and refresh tokens.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | | User's email address |
| password | string | | User's password |
Example Request
curl -X POST "https://api.botlaunch.io/api/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your-secure-password"
  }'
Example Response
{
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600,
    "user": {
      "id": "usr_abc123",
      "email": "user@example.com",
      "role": "CLIENT_OWNER"
    }
  },
  "message": "Login successful"
}
/api/auth/register
Create a new user account and organization.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | | Valid email address |
| password | string | | Min 8 chars, 1 uppercase, 1 number |
| name | string | | User's full name |
| organizationName | string | Optional | Organization name |
Example Request
curl -X POST "https://api.botlaunch.io/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "newuser@example.com",
    "password": "SecureP@ssw0rd!",
    "name": "John Doe",
    "organizationName": "My Company"
  }'
/api/auth/refresh
Exchange a refresh token for a new access token.
Example Request
curl -X POST "https://api.botlaunch.io/api/auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "your-refresh-token"
  }'
Token Rotation
Each refresh request returns a new refresh token. Store the latest refresh token and use it for subsequent requests.
/api/auth/logout
Invalidate the current session and revoke its tokens.
Example Request
curl -X POST "https://api.botlaunch.io/api/auth/logout" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"
Using Access Tokens
Include your access token in the Authorization header of every API request.
// Include the access token in all API requests
const response = await fetch("https://api.botlaunch.io/api/bots", {
  headers: {
    "Authorization": "Bearer eyJhbGciOiJIUzI1NiIs...",
    "x-organization-id": "org_xyz789",
    "Content-Type": "application/json"
  }
});
Required Headers
Authorization: Bearer token
x-organization-id: Organization ID
Content-Type: application/json
Security Best Practices
- Store tokens securely (never use localStorage on the web)
- Use HTTPS for all API requests
- Refresh tokens before they expire
- Revoke tokens on logout or after a security incident
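The following client-side token manager is an added example, not code from the BotLaunch documentation. It applies the token rotation and refresh-before-expiry advice above: tokens are held in memory, the newest refresh token replaces the old one, and concurrent callers share a single refresh request. The `TokenManager` class, its method names and the 60-second skew are hypothetical, and the refresh response is assumed to have the same shape as the login response.

```javascript
// Added example, not BotLaunch code. Assumption: /api/auth/refresh responds with the
// same { data: { accessToken, refreshToken, expiresIn } } shape as the login response.
class TokenManager {
  constructor({ fetchImpl = (...args) => fetch(...args), now = () => Date.now(),
                skewMs = 60000, baseUrl = "https://api.botlaunch.io" } = {}) {
    Object.assign(this, { fetchImpl, now, skewMs, baseUrl });
    this.inflight = null; // single-flight guard: at most one refresh in progress
    this.clear();
  }

  // Keep tokens in memory only (the page advises against localStorage on the web).
  store({ data }) {
    this.accessToken = data.accessToken;
    this.refreshToken = data.refreshToken; // rotation: always keep the newest one
    this.expiresAt = this.now() + data.expiresIn * 1000;
  }

  clear() { this.accessToken = this.refreshToken = null; this.expiresAt = 0; }

  // True once we are within skewMs of expiry, so refresh happens before a 401.
  needsRefresh() { return this.now() >= this.expiresAt - this.skewMs; }

  // Concurrent callers share one request, so a rotated refresh token is never sent twice.
  refresh() {
    if (!this.inflight) {
      this.inflight = this._doRefresh().finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }

  async _doRefresh() {
    if (!this.refreshToken) throw new Error("not logged in");
    const res = await this.fetchImpl(`${this.baseUrl}/api/auth/refresh`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refreshToken: this.refreshToken }),
    });
    // A rejected refresh token cannot be reused: drop all state and force a new login.
    if (!res.ok) { this.clear(); throw new Error(`refresh failed: ${res.status}`); }
    this.store(await res.json());
  }

  // Headers for an API call, refreshing first when the access token is about to expire.
  async authHeaders(organizationId) {
    if (this.needsRefresh()) await this.refresh();
    return { Authorization: `Bearer ${this.accessToken}`,
             "x-organization-id": organizationId, "Content-Type": "application/json" };
  }
}
```

Call `store()` with the parsed login response, then build headers for each request with `await manager.authHeaders(orgId)`.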
Authentication Errors
Common authentication errors and how to handle them.
| Status | Error | Description | Solution |
|---|---|---|---|
| 401 | Unauthorized | Missing or invalid token | Check Authorization header |
| 401 | Token Expired | Access token has expired | Use refresh token to get new access token |
| 403 | Forbidden | Insufficient permissions | Check user role and organization access |
| 429 | Too Many Requests | Login rate limit exceeded | Wait and retry after cooldown |
| 400 | Invalid Credentials | Wrong email or password | Verify credentials and try again |