# JWT Token Reference

## Token Format

SureStage JWTs follow the standard format with custom claims:

```json
{
  "sub": "user-uuid",
  "email": "user@example.com",
  "tenantId": "company-uuid",
  "tenantSlug": "acme-corp",
  "roles": ["admin"],
  "iat": 1707849600,
  "exp": 1707853200,
  "iss": "surestage"
}
```
## Token Endpoints

### Login

```http
POST /auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password"
}
```

Response:

```json
{
  "success": true,
  "data": {
    "accessToken": "eyJhbG...",
    "refreshToken": "eyJhbG...",
    "expiresIn": 3600
  }
}
```

### Refresh

```http
POST /auth/refresh
Content-Type: application/json

{
  "refreshToken": "eyJhbG..."
}
```

### Get Current User

```http
GET /auth/me
Authorization: Bearer eyJhbG...
```
## Token Lifetime

| Token | Lifetime |
|---|---|
| Access token | 1 hour |
| Refresh token | 30 days |
## Error Handling

| Status | Code | Meaning |
|---|---|---|
| 401 | TOKEN_EXPIRED | Access token has expired - refresh it |
| 401 | TOKEN_INVALID | Token is malformed or tampered with |
| 401 | TOKEN_REVOKED | User logged out or token was revoked |
| 403 | INSUFFICIENT_PERMISSIONS | Valid token but lacking required role |
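As an added example (not SureStage's own code), the following verifier maps the claim layout above onto the error table: structural and signature problems become `TOKEN_INVALID`, an elapsed `exp` becomes `TOKEN_EXPIRED`, and a missing role becomes `INSUFFICIENT_PERMISSIONS`. It assumes HS256 with a shared secret and pins that algorithm rather than trusting the token header; the secret, `sign_token` and `check_token` are constructed for this example. `TOKEN_REVOKED` needs server-side state and is out of scope here.

```python
import base64, hashlib, hmac, json, time

ISSUER = "surestage"
SECRET = b"constructed-demo-secret"  # assumption: HS256 shared secret, not a real key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 token in the SureStage claim layout (constructed helper for tests)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def check_token(token: str, required_role=None, now=None, secret: bytes = SECRET):
    """Return (status, code, claims) following the error table: invalid, then expired, then role."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return 401, "TOKEN_INVALID", {}
    try:
        header = json.loads(_unb64url(parts[0]))
        claims = json.loads(_unb64url(parts[1]))
        sig = _unb64url(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return 401, "TOKEN_INVALID", {}
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, "TOKEN_INVALID", {}
    # Pin the algorithm server-side; never let the header choose it (rejects alg=none).
    if header.get("alg") != "HS256":
        return 401, "TOKEN_INVALID", {}
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return 401, "TOKEN_INVALID", {}
    # Only trust claims after the signature check; issuer and exp must be present and well-typed.
    if claims.get("iss") != ISSUER or not isinstance(claims.get("exp"), int):
        return 401, "TOKEN_INVALID", {}
    if claims["exp"] <= now:
        return 401, "TOKEN_EXPIRED", claims
    if required_role and required_role not in claims.get("roles", []):
        return 403, "INSUFFICIENT_PERMISSIONS", claims
    return 200, "OK", claims
```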