Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sertexity.com/llms.txt

Use this file to discover all available pages before exploring further.

Authentication

Sertexity uses Bearer token authentication with short-lived JWT access tokens and long-lived refresh tokens.

Flow

POST /auth/login
  → { access_token, refresh_token }

Authorization: Bearer <access_token>   ← attach to every request
  (valid 15 min)

POST /auth/refresh
  → new access_token
  (refresh token valid 30 days)

Using the token

Include the Authorization header on every protected request: 
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Token fields

FieldTypeDescription
access_tokenstringShort-lived JWT. Expires in 15 minutes (expires_in: 900).
refresh_tokenstringLong-lived opaque token. Expires in 30 days.
expires_inintegerSeconds until access_token expires.
token_typestringAlways "Bearer".

Refreshing the access token

When a request returns 401 Unauthorized, exchange your refresh token: 
curl -X POST https://api.sertexity.com/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refresh_token":"<refresh_token>"}'
Response 
{
  "access_token": "eyJhbG...",
  "expires_in": 900,
  "token_type": "Bearer"
}

Security tips

  • Keep tokens in memory — never in localStorage or URLs.
  • Always use HTTPS.
  • Call POST /auth/logout to invalidate a session immediately.