Authentication

The tables below give an overview of the Flashback API authentication endpoints, grouped by functional area. Each section lists the available HTTP methods and endpoints with a concise description of their purpose, helping developers understand how to authenticate users, manage OAuth flows, and control access tokens.

Authentication is required for most API operations. The Flashback platform supports multiple authentication methods including OAuth providers and traditional username/password authentication.

OAuth Authentication API Calls

| Method | API Reference | Description |
| --- | --- | --- |
| POST | /auth/google | Authenticate user using a Google OAuth access token. |
| POST | /auth/google/exchange | Exchange Google OAuth code for an access token. |
| POST | /auth/google/refresh | Refresh an expired Google access token. |
| POST | /auth/github | Authenticate user using a GitHub OAuth code. |
| POST | /auth/github/refresh | Refresh an expired GitHub access token. |

Traditional Authentication API Calls

| Method | API Reference | Description |
| --- | --- | --- |
| POST | /user/login | Log in an existing user using credentials. |
| POST | /user/register | Register a new user with email and password. |
| POST | /user/refresh | Refresh JWT access token using a refresh token. |

Token Management API Calls

| Method | API Reference | Description |
| --- | --- | --- |
| GET | /token | List all active refresh tokens for the user. |
| DELETE | /token/{tokenId} | Revoke a specific refresh token. |

Authentication Flow Overview

OAuth Authentication

The Flashback platform supports OAuth 2.0 authentication with popular providers:

  • Google OAuth: Complete OAuth flow including code exchange and token refresh

  • GitHub OAuth: GitHub-specific OAuth implementation with refresh capabilities

Traditional Authentication

For applications that prefer traditional authentication:

  • User Registration: Create new user accounts with email verification

  • User Login: Authenticate with email/password credentials

  • Token Refresh: Maintain session continuity with refresh tokens

Token Management

Secure token lifecycle management:

  • Token Listing: View all active refresh tokens for the current user

  • Token Revocation: Securely revoke specific refresh tokens when needed
