Authorization
Connection Details
The primary host for API requests is:
Production Host: https://api.suppa.me
IMPORTANT
To obtain login credentials (username and password), please contact the Customer Support Department.
All interaction with the Suppa Core API requires a valid JWT (JSON Web Token). The API uses a dual-token system: an Access Token for authorizing requests and a Refresh Token for obtaining new access tokens.
Login
Obtain initial tokens using account credentials.
Endpoint: POST /auth/accounts/login
Request Body
{
  "username": "your_username",
  "password": "your_password"
}
Response
Returns the access and refresh tokens.
{
  "access": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
    "expiredAt": "2025-01-01T10:00:00Z"
  },
  "refresh": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
    "expiredAt": "2025-01-07T10:00:00Z"
  }
}
Refresh Token
Use the refresh token to obtain a new set of tokens when the access token expires.
Endpoint: GET /auth/accounts/refresh-token
Request Headers
The refresh token must be provided in the refresh-token header.
| Header | Value |
|---|---|
| refresh-token | Bearer {refresh_token} |
Response
Returns a new pair of access and refresh tokens.
{
  "access": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
    "expiredAt": "2025-01-01T11:00:00Z"
  },
  "refresh": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
    "expiredAt": "2025-01-07T11:00:00Z"
  }
}
Using the Access Token
Include the access token in the Authorization header for all requests to the Core API.
| Header | Value |
|---|---|
| Authorization | Bearer {access_token} |
| Content-Type | application/json |
Token Expiry
If a request returns a 401 Unauthorized status, it usually means the access token has expired. In this case, perform the Refresh Token flow. If the refresh flow also fails, the user must log in again via the Login endpoint.
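The login, refresh and 401 handling described above, as an added client sketch (not code from Suppa). `SuppaSession`, `http_send` and the injectable `send` transport are hypothetical names, and treating any 2xx status as success is an assumption. Tokens are held in memory only, both are replaced on every renewal, and a 401 is retried exactly once.

```python
import json
import urllib.error
import urllib.request

HOST = "https://api.suppa.me"  # production host from the page
JSON = {"Content-Type": "application/json"}

def http_send(method, path, headers, body=None):  # returns (status, JSON or None)
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(HOST + path, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None

class SuppaSession:  # hypothetical wrapper: tokens live in memory only
    def __init__(self, username, password, send=http_send):
        self._creds = {"username": username, "password": password}
        self._send = send  # injectable so the flow can be exercised offline
        self._access = self._refresh = None

    def _store(self, tokens):
        self._access = tokens["access"]["token"]
        self._refresh = tokens["refresh"]["token"]

    def login(self):
        status, tokens = self._send("POST", "/auth/accounts/login", JSON, self._creds)
        if not 200 <= status < 300:  # assumption: success is a 2xx status
            raise PermissionError(f"login failed with HTTP {status}")
        self._store(tokens)

    def _renew(self):
        if self._refresh:
            status, tokens = self._send("GET", "/auth/accounts/refresh-token",
                                        {"refresh-token": f"Bearer {self._refresh}"})
            if 200 <= status < 300:
                return self._store(tokens)
        self.login()  # refresh failed: fall back to the Login endpoint

    def request(self, method, path, body=None):
        if self._access is None:
            self.login()
        for attempt in (1, 2):  # retry once after renewing, never loop on 401
            headers = {"Authorization": f"Bearer {self._access}", **JSON}
            status, payload = self._send(method, path, headers, body)
            if status != 401 or attempt == 2:
                return status, payload
            self._renew()
```

A second 401 after renewal is returned to the caller instead of being retried, so a revoked account or a misconfigured endpoint cannot trigger an endless login loop.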