Authentication
ChatOps uses JWT tokens for user authentication and API keys for agent authentication.
User Authentication (JWT)
Registration
POST /api/v1/auth/register
Content-Type: application/json

{
  "email": "user@example.com",
  "username": "username",
  "password": "password123",
  "password_confirm": "password123",
  "full_name": "Full Name"
}

Response:
{
  "user": {
    "id": "uuid",
    "email": "user@example.com",
    "username": "username",
    "full_name": "Full Name"
  },
  "access_token": "jwt_access_token",
  "refresh_token": "jwt_refresh_token",
  "token_type": "bearer"
}
Login
POST /api/v1/auth/login
Content-Type: application/x-www-form-urlencoded

username=username&password=password123

Response:
{
  "access_token": "jwt_access_token",
  "refresh_token": "jwt_refresh_token",
  "token_type": "bearer"
}
Using Access Token
Include the access token in the Authorization header:
Refresh Token
Access tokens expire after 30 minutes. Use the refresh token to get a new access token:
Response:
Agent Authentication (API Keys)
Creating an API Key
- Log into the web interface
- Navigate to a server
- Go to the "API Keys" tab
- Click "Create API Key"
- Copy the key immediately (only shown once)
Using API Key
Agents authenticate via WebSocket by sending an authentication message:
The API responds with:
Token Expiration
- Access Token: 30 minutes
- Refresh Token: 7 days
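
The following is an added example, not ChatOps code: a client-side helper that takes the login response shown above and uses the 30-minute access-token lifetime to decide when to refresh, rather than waiting for a request to fail. It assumes the access token carries the standard JWT `exp` claim and that the header uses the standard `Bearer` scheme; the sample token is constructed with a placeholder signature, and the refresh request itself is omitted because its endpoint is not shown on this page.

```python
import base64
import json
import time
from typing import Optional


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying its signature.

    Enough for a client to schedule its own refresh; only the server
    decides whether a token is actually valid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def needs_refresh(access_token: str, now: Optional[float] = None, leeway: int = 60) -> bool:
    """True once the token is within `leeway` seconds of expiry, or has no usable exp."""
    exp = jwt_claims(access_token).get("exp")  # assumption: standard `exp` claim
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True
    return (time.time() if now is None else now) >= exp - leeway


def auth_header(login_response: dict) -> dict:
    """Build the Authorization header from the login response shape shown above."""
    if str(login_response.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": "Bearer " + login_response["access_token"]}


def make_sample_token(exp: int) -> str:
    """Constructed sample token with a placeholder signature, for offline use only."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "HS256", "typ": "JWT"}) + "." + enc({"sub": "uuid", "exp": exp}) + ".sig"
```

The decoded claims are only a scheduling hint for the client; never use an unverified payload to make an authorization decision.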
Security Best Practices
- Never commit tokens or API keys to version control
- Use HTTPS in production
- Rotate API keys regularly
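- Store tokens securely in the frontend (localStorage or httpOnly cookies); httpOnly cookies cannot be read by page JavaScript, while anything in localStorage is readable by any script running in the page, including injected script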
- Revoke compromised keys immediately