Authentication & Permissions

Authentication

The API authenticates requests with a JWT (JSON Web Token) that is stored in an HttpOnly cookie, so the token is not readable by page scripts.

Most endpoints require you to be logged in. The cookie is automatically handled by the browser after a successful login via POST /sessions.

No manual header is required for authenticated requests if the cookie is set.

Permissions

Permissions are handled via Roles assigned to user profiles within specific contexts (Spaces, Cities, etc.).

Roles include:

  • ADMINISTRATOR (System wide)
  • ADMINISTRATOR_SPACE
  • DIGITADOR_CITY
  • DIGITADOR_AC
  • READER
  • TESTER
  • etc.

Access control is enforced at the Use Case level, not just the route level.
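To make that last point concrete, here is an added example (not the project's own code) of a use case that checks context-scoped roles itself rather than relying on a route guard. The role names are the ones listed above; the Actor and RoleAssignment shapes, the canEditCity policy, the in-memory store and the function names are assumptions.

```typescript
// Added example, not the project's own code. Role names are taken from the docs;
// the Actor/RoleAssignment shapes, the policy and the store are assumptions.
type Role = "ADMINISTRATOR" | "ADMINISTRATOR_SPACE" | "DIGITADOR_CITY"
  | "DIGITADOR_AC" | "READER" | "TESTER";
type ContextType = "SPACE" | "CITY";
interface Context { type: ContextType; id: string }

// Only ADMINISTRATOR is system wide; every other role must be granted in a context.
const SYSTEM_WIDE: ReadonlySet<Role> = new Set<Role>(["ADMINISTRATOR"]);

interface RoleAssignment { role: Role; context?: Context }

// Caller identity as decoded from the session JWT carried in the HttpOnly cookie.
interface Actor { profileId: string; roles: RoleAssignment[] }

export class ForbiddenError extends Error {}

// True if the actor holds `role` system wide, or in exactly the context asked for.
// A scoped role stored without a context is ignored rather than treated as global.
export function hasRole(actor: Actor, role: Role, ctx?: Context): boolean {
  return actor.roles.some((a) => {
    if (a.role !== role) return false;
    if (SYSTEM_WIDE.has(a.role)) return true;
    return a.context !== undefined && ctx !== undefined
      && a.context.type === ctx.type && a.context.id === ctx.id;
  });
}

// Policy for editing a city: a system-wide ADMINISTRATOR, or a DIGITADOR_CITY
// granted in that specific city. A DIGITADOR_CITY of another city is refused.
export function canEditCity(actor: Actor, cityId: string): boolean {
  return hasRole(actor, "ADMINISTRATOR")
    || hasRole(actor, "DIGITADOR_CITY", { type: "CITY", id: cityId });
}

// The use case performs the check itself, so every caller (HTTP route, job,
// another use case) gets the same enforcement even if a route forgets to guard.
export function updateCityName(
  actor: Actor, cityId: string, name: string, cities: Map<string, string>,
): string {
  if (!canEditCity(actor, cityId)) {
    throw new ForbiddenError(`profile ${actor.profileId} may not edit city ${cityId}`);
  }
  cities.set(cityId, name);
  return name;
}
```

Keeping the policy in a named function such as canEditCity also lets the same rule be unit-tested and reused by list endpoints that must filter rather than refuse.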