The Bookshop API uses token-based authentication to secure the endpoints and protect user data. All requests to protected endpoints must include a valid authentication token in the request header.
To interact with the Bookshop API, you first need to authenticate by obtaining a token. Typically, you would send a request to a login endpoint with your credentials (e.g., username and password). The server will respond with an authentication token if the credentials are valid.
`POST /api/auth/login`

| Name | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | The username for authentication. |
| password | string | Yes | The password for authentication. |
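```javascript
fetch("/api/auth/login", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    username: "user123",
    password: "securePassword",
  }),
})
  .then((response) => {
    // Invalid credentials return an error status, not a token
    if (!response.ok) {
      throw new Error(`Login failed with status ${response.status}`);
    }
    return response.json();
  })
  .then((data) => {
    // Save the authentication token for future requests
    const token = data.token;
    // Do not write the token itself to the console or to logs
    console.log("Authentication token received.");
  })
  .catch((error) => console.error("Error:", error));
```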
```json
{
  "token": "your-authentication-token-here"
}
```
Once you have obtained the authentication token, you must include it in the Authorization header of all subsequent API requests. The token should be prefixed with the word "Bearer".
To make a request to a protected endpoint, such as fetching all books, include the token in the Authorization header:
```javascript
fetch('/api/books', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer your-authentication-token-here'
  }
})
  .then(response => response.json())
  .then(data => console.log(data))
  .catch(error => console.error('Error:', error));
```
If the token is missing, expired, or invalid, the server will respond with a `401 Unauthorized` status code. It's important to handle these errors gracefully in your application.
```javascript
fetch('/api/books', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer invalid-or-expired-token'
  }
})
  .then(response => {
    if (response.status === 401) {
      throw new Error('Unauthorized: Please check your authentication token.');
    }
    return response.json();
  })
  .then(data => console.log(data))
  .catch(error => console.error('Error:', error));
```
For long-lived sessions, you may need to refresh the token periodically. The API may provide a token refresh endpoint to extend the token's validity without requiring the user to log in again.
`POST /api/auth/refresh`

| Header | Required | Description |
|---|---|---|
| Authorization | Yes | The current token in "Bearer" format. |
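```javascript
fetch('/api/auth/refresh', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer your-current-authentication-token'
  }
})
  .then(response => {
    // A rejected refresh means the user has to log in again
    if (!response.ok) {
      throw new Error(`Token refresh failed with status ${response.status}`);
    }
    return response.json();
  })
  .then(data => {
    // Save the new authentication token
    const newToken = data.token;
    // Do not write the token itself to the console or to logs
    console.log('New authentication token received.');
  })
  .catch(error => console.error('Error:', error));
```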
```json
{
  "token": "new-authentication-token-here"
}
```
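The 401 handling and the refresh step described above, combined into one client, as an added example that is not part of the Bookshop API documentation. `createBookshopClient` and `fetchImpl` are hypothetical names, and the code assumes the refresh endpoint still accepts a token that a protected endpoint has just rejected; if it does not, the client discards the token and requires a new login.

```javascript
// Added example; createBookshopClient and fetchImpl are hypothetical names.
function createBookshopClient({ fetchImpl = globalThis.fetch, baseUrl = "" } = {}) {
  let token = null;      // kept in memory only: never logged or written to storage
  let refreshing = null; // shared promise so concurrent 401s cause a single refresh

  async function login(username, password) {
    const res = await fetchImpl(`${baseUrl}/api/auth/login`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ username, password }),
    });
    if (!res.ok) throw new Error(`Login failed: HTTP ${res.status}`);
    token = (await res.json()).token;
  }

  function refresh() {
    if (!refreshing) {
      refreshing = (async () => {
        const res = await fetchImpl(`${baseUrl}/api/auth/refresh`, {
          method: "POST",
          headers: { Authorization: `Bearer ${token}` },
        });
        if (!res.ok) {
          token = null; // refresh rejected: the user has to log in again
          throw new Error("Session expired: please log in again.");
        }
        token = (await res.json()).token;
      })().finally(() => { refreshing = null; });
    }
    return refreshing;
  }

  async function request(path, options = {}) {
    if (!token) throw new Error("Not authenticated: call login() first.");
    const send = () => fetchImpl(`${baseUrl}${path}`, {
      ...options,
      headers: { ...options.headers, Authorization: `Bearer ${token}` },
    });
    let res = await send();
    if (res.status === 401) {
      await refresh();    // one refresh attempt...
      res = await send(); // ...then exactly one retry with the new token
    }
    if (!res.ok) throw new Error(`Request failed: HTTP ${res.status}`);
    return res.json();
  }

  return { login, request };
}
```

Limiting the retry to one attempt keeps a permanently rejected token from looping between the protected endpoint and the refresh endpoint.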
With these guidelines, you can securely interact with the Bookshop API while protecting user data and ensuring a smooth user experience.