Authentication

All API endpoints require authentication via Bearer Token (JWT).

Mechanism

The API uses the HTTP Bearer scheme (Authorization: Bearer <token>). Each request validates that the token is valid and the session is active. The token contains user information that the API uses to determine the scope of the returned data.

Required header

Authorization: Bearer <your_token>

Authenticated request examples

curlPython (requests)JavaScript (fetch)

curl -X GET "http://localhost:8000/api/v1/logs/query?level=ERROR" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

import requests

headers = {"Authorization": f"Bearer {token}"}
response = requests.get(
    "http://localhost:8000/api/v1/logs/query",
    params={"level": "ERROR"},
    headers=headers,
)
data = response.json()

const response = await fetch('/api/v1/logs/query?level=ERROR', {
  headers: {
    'Authorization': `Bearer ${token}`
  }
});
const data = await response.json();

Automatic company scope

There is no need to send any company identifier as a parameter. The API determines it from the token and applies it to all queries automatically.

Authentication errors

Code	Description
`401 Unauthorized`	Invalid, expired token or inactive session. Header: `WWW-Authenticate: Bearer`
`403 Forbidden`	Valid token but missing `id_company`
`500 Internal Server Error`	Unexpected error while validating the token

Swagger UI

To test the API from Swagger UI (/docs):

Click the Authorize button (lock icon).
In the HTTPBearer field, paste your token (without the Bearer prefix).
Click Authorize and then Close.

All requests made from Swagger will include the token automatically.