Most Frontegg API routes accept authentication either by vendors only or by both vendors and users.
Two tags indicate how an API route can be used:
`VendorOnly` and `Vendor & User` (Coming soon).
1. Follow the steps in this guide to get your vendor Client ID and API Key from the environment.
To authenticate as a User:
1. Authenticate as a local user, for example by sending your email to https://[your-frontegg-sub-domain].frontegg.com/identity/resources/auth/v1/user, i.e.:
```bash
curl --request POST \
  --url https://[your-frontegg-sub-domain].frontegg.com/identity/resources/auth/v1/user \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '{
    "email": "test@frontegg.com",
    "password": "123456"
  }'
```
In response you will get the JWT for the user and a refresh token.
2. You can use that JWT in further requests to any API routes marked with `Vendor & User`.
3. For example, a request made as a user to the route that creates an API token for a user looks like this:
```bash
curl --request POST \
  --url https://example.frontegg.com/identity/resources/users/api-tokens/v1 \
  --header 'accept: application/json' \
  --header 'authorization: Bearer [user-JWT]' \
  --header 'content-type: application/json'
```
** There is usually no need to send the `frontegg-tenant-id` and `frontegg-user-id` headers in requests containing the user's JWT, because these values will be extracted from the JWT.
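The note above says the tenant and user IDs are taken from the JWT itself. As an added example (not Frontegg's code), this Python helper decodes a token's payload so you can check which identity a request will run as and whether the token has expired; the claim names `sub` and `tenantId` and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time
from typing import Optional

# Assumed claim names (not stated on this page): "sub" carries the user ID
# and "tenantId" the tenant ID. Adjust to what your decoded tokens contain.
USER_CLAIM = "sub"
TENANT_CLAIM = "tenantId"


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_identity(token: str, now: Optional[float] = None) -> dict:
    """Return the user/tenant identity and expiry state carried in a JWT.

    This only decodes the payload for inspection. It does NOT verify the
    signature, so never use the result for an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))  # raises ValueError if malformed
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return {
        "user_id": claims.get(USER_CLAIM),
        "tenant_id": claims.get(TENANT_CLAIM),
        "expired": isinstance(exp, (int, float)) and exp <= now,
    }


def constructed_token(claims: dict) -> str:
    # Builds a sample token with a fake signature; not a real Frontegg JWT.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    sample = constructed_token(
        {"sub": "user-123", "tenantId": "tenant-abc", "exp": 2_000_000_000})
    print(jwt_identity(sample, now=1_700_000_000))
```

Treat the decoded values as diagnostic only: the server validates the signature before trusting these claims, and client code should not log the full token.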
To authenticate with an API token:
** Requires API tokens to be enabled on the environment that you're working with.
1. Create a User Token using your vendor JWT and send a request to https://docs.frontegg.com/reference/userapitokensv1controller_createtenantapitoken with `frontegg-tenant-id` and `frontegg-user-id` for the user and the tenant you want this API key to be associated with.
2. In response to the previous request you will receive a clientId and an API key (secret). Save the secret somewhere secure, as it won't be provided again.
3. To authenticate via the client ID and the API key that you received when creating a user token, send a request to https://docs.frontegg.com/reference/authenticationapitokencontrollerv1_authapitoken
Note that you need to authenticate against your Frontegg subdomain and not api.frontegg.com. The request should look like this:
```bash
curl --request POST \
  --url https://[your-frontegg-sub-domain].frontegg.com/identity/resources/auth/v1/api-token \
  --header 'accept: application/json' \
  --header 'authorization: Bearer xxxx' \
  --header 'content-type: application/json' \
  --data '
{
  "clientId": "xxx",
  "secret": "xxx"
}
'
```