{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-@l10n/en/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Authentication","description":"Documentação oficial, guias e referência da API Auvo v2.","siteUrl":"https://developers.auvo.com.br","lang":"pt-BR","keywords":"auvo, api, documentação, developers, field service, workforce","meta":[{"name":"og:site_name","content":"Auvo Developers"},{"name":"og:locale","content":"pt_BR"},{"name":"og:locale:alternate","content":"es_ES"},{"name":"og:locale:alternate","content":"en_US"},{"name":"twitter:card","content":"summary_large_image"},{"name":"twitter:site","content":"@auvoapp"}],"llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authentication","__idx":0},"children":["Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The Auvo API uses a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Bearer JWT"]}," valid for 30 minutes, issued by ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /login"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"basic-flow","__idx":1},"children":["Basic flow"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Client calls ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /login"]}," with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["apiKey"]}," + ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["apiToken"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["API replies with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["result.accessToken"]}," and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["result.expiration"]}," (ISO-8601)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Client sends ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization: Bearer <accessToken>"]}," on every request."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Before ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["expiration"]},", call ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /login"]}," again to renew."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"example","__idx":2},"children":["Example"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"curl -X POST https://api.auvo.com.br/v2/login \\\n  -H 'Content-Type: application/json' \\\n  -d '{\"apiKey\":\"...\",\"apiToken\":\"...\"}'\n","lang":"bash"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"best-practices","__idx":3},"children":["Best practices"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Store credentials in a secret manager"]}," (AWS Secrets Manager, Doppler,"," ","1Password). Never in source code."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["One token per application"]},": avoid sharing the same ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["accessToken"]}," between"," ","different processes; each worker should renew its own."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Safety margin"]},": renew the token 2 minutes early to cover clock skew."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Rotation"]},": call ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /login"]}," on 401 and retry the original request only"," ","once to avoid loops."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Avoid ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["GET /login"]}]}," in production — credentials would leak in URL logs."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"common-errors","__idx":4},"children":["Common errors"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Code"},"children":["Code"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Cause"},"children":["Cause"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Action"},"children":["Action"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["400"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Missing ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["apiKey"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["apiToken"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Check body/query."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["401"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Expired token"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Renew via ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /login"]},"."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["403"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Rate limit exceeded"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Wait 60s or back off."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["404"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Invalid credentials"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Verify in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Menu > Integration"]},"."]}]}]}]}]}]},"headings":[{"value":"Authentication","id":"authentication","depth":1},{"value":"Basic flow","id":"basic-flow","depth":2},{"value":"Example","id":"example","depth":2},{"value":"Best practices","id":"best-practices","depth":2},{"value":"Common errors","id":"common-errors","depth":2}],"frontmatter":{"title":"Authentication","description":"Bearer JWT flow, token rotation and best practices.","seo":{"title":"Authentication"}},"lastModified":"2026-04-24T13:01:34.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/en/guides/authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}