# Authentication

The table below provides a comprehensive overview of the Flashback API authentication endpoints, grouped by functional area. Each section lists the available HTTP functions along with a concise description of their purpose, helping developers understand how to authenticate users, manage OAuth flows, and control access tokens.

{% hint style="info" %}
Authentication is required for most API operations. The Flashback platform supports multiple authentication methods including OAuth providers and traditional username/password authentication.
{% endhint %}

## Token Management API Calls

<table><thead><tr><th width="247.4000244140625">Method</th><th>API Reference</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><code>GET</code></mark><code>/token</code></td><td><a href="/pages/9hVUSGDfoanSttMqZ2Es"><strong>get__token</strong></a></td><td>List all active refresh tokens for the user.</td></tr><tr><td><mark style="color:red;"><code>DELETE</code></mark><code>/token/{tokenId}</code></td><td><a href="/pages/uGgNTnNQg6wtH9cKCxoq"><strong>delete__token_{tokenId}</strong></a></td><td>Revoke a specific refresh token.</td></tr></tbody></table>

## OAuth Authentication API Calls

<table><thead><tr><th width="247.4000244140625">Method</th><th>API Reference</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/google</code></td><td><a href="/pages/9op6xMR4agPYPJgIVRT5"><strong>post__auth_google</strong></a></td><td>Authenticate user using a Google OAuth access token.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/github</code></td><td><a href="/pages/3LFtgRjM34Evvcm4co72"><strong>post__auth_github</strong></a></td><td>Authenticate user using a GitHub OAuth code.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/github/refresh</code></td><td><a href="/pages/XvRdvIdR1bs34PBxvOmm"><strong>post__auth_github_refresh</strong></a></td><td>Refresh an expired GitHub access token.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/google/refresh</code></td><td><a href="/pages/H2TnKIrYZDNqPYnI5FCx"><strong>post__auth_google_refresh</strong></a></td><td>Refresh an expired Google access token.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/google/exchange</code></td><td><a href="/pages/xlYrK40BZUV5Js169XOJ"><strong>post__auth_google_exchange</strong></a></td><td>Exchange Google OAuth code for an access token.</td></tr></tbody></table>

## Authentication Flow Overview

### OAuth Authentication

The Flashback platform supports OAuth 2.0 authentication with popular providers:

* **Google OAuth**: Complete OAuth flow including code exchange and token refresh
* **GitHub OAuth**: GitHub-specific OAuth implementation with refresh capabilities

### Traditional Authentication

For applications that prefer traditional authentication:

* **User Registration**: Create new user accounts with email verification
* **User Login**: Authenticate with email/password credentials
* **Token Refresh**: Maintain session continuity with refresh tokens

### Token Management

Secure token lifecycle management:

* **Token Listing**: View all active refresh tokens for the current user
* **Token Revocation**: Securely revoke specific refresh tokens when needed

{% hint style="warning" %}
**Security Note**: Always use HTTPS in production environments and store refresh tokens securely. Never expose access tokens in client-side code or logs.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.flashback.tech/support-reference/platform-api-reference/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.