🔐 User Resource

Authentication and session management

Authentication and authorization management for secure 7G API access. Provides user credential validation, JWT access token generation, refresh token workflows, and session lifecycle management with audit trails.

2
Endpoints
JWT
Token Standard
Secure
Authentication
Audit
Trail Support

Usage Notes

When

  • Authenticate and obtain access tokens
  • Refresh tokens before expiration
  • Establish API session

Requirements

  • Valid credentials for Login
  • Valid refresh token for RefreshToken

Notes

  • All API endpoints except Common/* require authentication
  • SDK auto-refreshes tokens 30 seconds before expiration
  • JWT-based authentication with access and refresh tokens

Description

User handles authentication and session management. Login to obtain access and refresh tokens. Use RefreshToken to extend sessions without re-authentication.

Available Endpoints

Authentication Services

POST Login Authenticate with JWT tokens and audit trail generation
POST RefreshToken Extend session with automatic cleanup and concurrent support

Core Data Transfer Objects

LoginRequest Login POST endpoint Authentication credentials (2 properties): Username and Password
TokenResponse Login and RefreshToken responses JWT authentication response (2 properties): AccessToken and RefreshToken
RefreshTokenRequest RefreshToken POST endpoint Token refresh request (1 property): RefreshToken for session extension

Authentication Workflow & SDK Pattern

The SDK AuthClient manages authentication with automatic token refresh, ensuring continuous API access without manual token management or user interruption.

SDK Automatic Token Refresh

The SDK's EnsureValidTokenAsync() method automatically refreshes access tokens 30 seconds before expiration. All resource clients call this method before each request, enabling long-running sessions without manual refresh logic.

Business Rules & Constraints

Authentication & Access Control

  • Access token requirement: All API endpoints require valid JWT access token authentication (except /User/Login, /User/RefreshToken, and /Common/* endpoints)
  • Token lifespan management: Access tokens have limited lifespan requiring periodic refresh to maintain security while enabling continuous operations
  • Security monitoring: Failed authentication attempts tracked with audit trails and threat detection

Session & Token Lifecycle

  • Session extension: Refresh tokens provide session extension without credential re-entry or user interruption
  • Token expiration enforcement: Token expiration policies maintained to balance security requirements with operational user experience
  • Automatic cleanup: Session lifecycle includes automated cleanup and token invalidation upon expiration or logout
  • Concurrent session management: Support for multiple concurrent sessions with token tracking and selective invalidation

Security & Audit

  • JWT implementation: JWT token implementation with secure signing and encryption
  • Audit trail generation: Authentication and session management audit trails maintained for compliance reporting
  • Identity provider integration: Authentication endpoints support integration with identity providers and SSO systems