🔐 User Resource

Authentication and session management

Authentication and authorization management for secure 7G API access. Provides user credential validation, JWT access token generation, refresh token workflows, and session lifecycle management with audit trails.

Endpoints

JWT

Token Standard

Secure

Authentication

Audit

Trail Support

🔐

Secure Authentication

Credential validation with username/password authentication, multi-factor support readiness, and JWT access token generation.

🔄

Token Management

Session lifecycle management with automatic token refresh and session extension without credential re-entry.

🛡️

Security & Monitoring

Session monitoring, threat detection, audit trails, expiration handling, and security event tracking.

Available Endpoints

Authentication Services

POST Login Authenticate with JWT tokens and audit trail generation

POST RefreshToken Extend session with automatic cleanup and concurrent support

Core Data Transfer Objects

LoginRequest Login POST endpoint Authentication credentials (2 properties): Username and Password

TokenResponse Login and RefreshToken responses JWT authentication response (2 properties): AccessToken and RefreshToken

RefreshTokenRequest RefreshToken POST endpoint Token refresh request (1 property): RefreshToken for session extension

Common Use Cases

💱

Application Authentication

Secure application and user authentication for API access with JWT token management and session control.

🔄

Session Management

Automatic session extension with refresh tokens, enabling seamless user experience without frequent re-authentication requirements.

🛡️

Security Monitoring

Authentication audit trails, failed login tracking, and security event monitoring for compliance and threat detection.

🏢

Identity Integration

Integration with identity systems, SSO platforms, and multi-application authentication workflows.

Authentication Workflow & SDK Pattern

The SDK AuthClient manages authentication with automatic token refresh, ensuring continuous API access without manual token management or user interruption.

SDK Automatic Token Refresh

The SDK's EnsureValidTokenAsync() method automatically refreshes access tokens 30 seconds before expiration. All resource clients call this method before each request, enabling long-running sessions without manual refresh logic.

Business Rules & Constraints

Authentication & Access Control

Access token requirement: All API endpoints require valid JWT access token authentication (except /User/Login, /User/RefreshToken, and /Common/* endpoints)
Token lifespan management: Access tokens have limited lifespan requiring periodic refresh to maintain security while enabling continuous operations
Security monitoring: Failed authentication attempts tracked with audit trails and threat detection

Session & Token Lifecycle

Session extension: Refresh tokens provide session extension without credential re-entry or user interruption
Token expiration enforcement: Token expiration policies maintained to balance security requirements with operational user experience
Automatic cleanup: Session lifecycle includes automated cleanup and token invalidation upon expiration or logout
Concurrent session management: Support for multiple concurrent sessions with token tracking and selective invalidation

Security & Audit

JWT implementation: JWT token implementation with secure signing and encryption
Audit trail generation: Authentication and session management audit trails maintained for compliance reporting
Identity provider integration: Authentication endpoints support integration with identity providers and SSO systems