Authentication Overview

The 7G Registry Platform uses Bearer token authentication for secure API access. All endpoints require authentication except public endpoints for login, token refresh, and system health checks.

🔐

Bearer Token Security

Industry-standard Bearer tokens with configurable expiration and refresh capabilities.

⏱️

Token Lifecycle

Access tokens expire after 20 minutes, with refresh tokens for seamless renewal.

🛡️

Secure Transmission

All authentication happens over HTTPS with secure token transmission and storage.

1. Login

POST credentials to /User/Login endpoint


2. Get Tokens

Receive access token and refresh token in response

3. Use Token

Include token in Authorization: {accessToken} header


4. Refresh When Needed

Use refresh token at /User/RefreshToken to get new tokens

Step 1: Obtaining an Access Token

Start by authenticating with the /User/Login endpoint. This is the only endpoint that accepts username and password credentials directly.

Always use HTTPS to protect credentials in transit
json
POST https://api.7g.com.au/User/Login
Content-Type: application/json
Version: 2.0

{
  "username": "Username123",
  "password": "YourSecurePassword123!"
}

Response Fields

  • accessToken - Use in Authorization header for API requests
  • refreshToken - Use to obtain new access tokens

Step 2: Using Your Access Token

Once you have an access token, include it directly in the Authorization header of every API request. The token authenticates your requests and grants access to protected endpoints.

Token Usage

Include the access token directly in the Authorization header of every API request. The format is: Authorization: {accessToken}

Required Headers for Authenticated Requests

Header        | Value            | Description
Authorization | {accessToken}    | Your access token from login response
Content-Type  | application/json | Request/response format
Version       | 2.0              | API version
bash
# Using Bearer token in requests
# The URL is quoted so the shell does not treat "?" as a glob character
curl -X GET "https://api.7g.com.au/BizEntity?bizEntityID=12345" \
  -H "Authorization: {accessToken}" \
  -H "Content-Type: application/json" \
  -H "Version: 2.0"

Token Refresh

Access tokens expire after 20 minutes. Use the refresh token to get new tokens without re-authentication.

Token Refresh Best Practices

  • Store refresh tokens securely - they have longer lifespans than access tokens
  • Implement automatic refresh before token expiration to avoid interruptions
  • Handle refresh token expiration by prompting for re-authentication
  • Never expose refresh tokens in client-side code or logs
json
POST https://api.7g.com.au/User/RefreshToken
Content-Type: application/json
Version: 2.0

{
  "refreshToken": "d290f1ee-6c54-4b01-90e6-d701748f0851"
}
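
The login, token use and refresh steps above can be combined into one client-side session object. This is an added example, not code from the 7G documentation: it renews the access token shortly before the 20-minute expiry and signals when re-authentication is needed. The names TokenSession, ReauthRequired and https_post, the 60-second margin, HTTP 200 as the success status, and a refresh response carrying the same accessToken and refreshToken fields as login are assumptions.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.7g.com.au"
ACCESS_TTL = 20 * 60   # access tokens expire after 20 minutes (from the page)
REFRESH_MARGIN = 60    # assumption: renew one minute before expiry

def https_post(path, body):
    """Default transport: POST JSON over HTTPS, return (status, parsed body)."""
    req = urllib.request.Request(
        BASE_URL + path, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Version": "2.0"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

class ReauthRequired(Exception):
    """No usable refresh token: the caller must prompt for credentials again."""

class TokenSession:
    def __init__(self, post=https_post, clock=time.monotonic):
        self._post, self._clock = post, clock
        self._access, self._refresh, self._expires_at = None, None, 0.0

    def _store(self, tokens):
        self._access, self._refresh = tokens["accessToken"], tokens["refreshToken"]
        self._expires_at = self._clock() + ACCESS_TTL

    def login(self, username, password):
        status, body = self._post("/User/Login", {"username": username, "password": password})
        if status != 200:  # assumption: 200 means success
            raise PermissionError(f"login failed with HTTP {status}")  # no secrets in message
        self._store(body)

    def auth_headers(self):
        """Headers for an authenticated call, renewing the token when near expiry."""
        if self._refresh is None:
            raise ReauthRequired("not logged in")
        if self._clock() >= self._expires_at - REFRESH_MARGIN:
            status, body = self._post("/User/RefreshToken", {"refreshToken": self._refresh})
            if status != 200:  # assumption: any other status means the refresh token is unusable
                self._access = self._refresh = None  # drop tokens that no longer work
                raise ReauthRequired(f"refresh failed with HTTP {status}")
            self._store(body)
        return {"Authorization": self._access, "Content-Type": "application/json", "Version": "2.0"}
```

Tokens are held only in memory and never appear in exception messages; pass the username and password in from an environment variable or key vault instead of hard-coding them.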

Common Authentication Errors

  • 401 Unauthorized - Invalid, expired, or missing access token
  • 400 Bad Request - Invalid username/password or missing fields
  • 403 Forbidden - Valid token but insufficient permissions

Security Best Practices

Token Storage

  • Never store tokens in source code or version control
  • Use secure storage (environment variables, key vaults)
  • Encrypt tokens at rest if stored locally
  • Clear tokens from memory after use

Network Security

  • Always use HTTPS for API communication
  • Implement certificate pinning for mobile apps
  • Use VPN or private networks where possible
  • Monitor for suspicious authentication patterns
