Authentication

Maintained by: Aether365 Team
Audience: Developers
Scope: API key creation and authenticating API requests

The Aether365 API uses JWT Bearer tokens issued by Aether365's authentication system. Every API request must include a valid token.

Obtaining a Token

Tokens are obtained by signing in through the Aether365 authentication flow using the Aether365 web app or SDK.

INFO

Direct token exchange via the authentication provider API is not recommended. Use the Aether365 web app sign-in flow to obtain a token, then use it in API requests as shown below.

Using the Token

Include the token in the Authorization header of every request:

```bash
curl https://api.aether365.io/tenants \
  -H "Authorization: Bearer <id-token>"
```

Token Expiry

Tokens expire after 1 hour. When a token expires, API requests return 401 AUTH_EXPIRED_TOKEN.

Use the RefreshToken to get a new token without requiring the user to sign in again:

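```javascript
import { fetchAuthSession } from 'aws-amplify/auth';

// Amplify handles refresh automatically; forceRefresh requests a new token now
const session = await fetchAuthSession({ forceRefresh: true });
const newToken = session.tokens?.idToken?.toString(); // undefined if not signed in
```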
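The following is an added example, not code from the Aether365 SDK or documentation. It shows one way a client can handle the 1-hour expiry described above: refresh shortly before expiry, and refresh and retry once if the API still answers 401. It assumes the token carries the standard JWT `exp` claim; `apiRequest`, `getToken`, `fetchImpl` and the sample token values are hypothetical names and constructed data.

```javascript
// Added example (Node.js). Decoding reads claims for client-side timing only;
// it does NOT verify the signature. The API validates the token server-side.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// True when the token has no usable `exp` or expires within skewSeconds.
function isExpiring(jwt, nowSeconds, skewSeconds = 60) {
  const { exp } = decodeClaims(jwt);
  return typeof exp !== 'number' || exp - skewSeconds <= nowSeconds;
}

// getToken(forceRefresh) and fetchImpl are injected (hypothetical) so the logic
// runs offline; in an app, getToken would wrap Amplify's fetchAuthSession.
async function apiRequest(url, { getToken, fetchImpl, now = () => Date.now() / 1000 }) {
  let token = await getToken(false);
  if (isExpiring(token, now())) token = await getToken(true);
  const send = (t) => fetchImpl(url, { headers: { Authorization: `Bearer ${t}` } });
  let res = await send(token);
  if (res.status === 401) {
    // Expired or rejected token: refresh once and retry once, never in a loop.
    token = await getToken(true);
    res = await send(token);
  }
  return res;
}

// Constructed sample token with a placeholder signature (not a real credential).
function makeSampleToken(exp) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const claims = {
    sub: 'user-123',
    email: 'dev@example.com',
    'custom:tenantId': 'tenant-abc',
    exp,
  };
  return `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}.constructed-signature`;
}
```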

Token Contents

The JWT token contains claims used by the API for authorization:

| Claim | Description |
| --- | --- |
| sub | Aether365 user ID (unique per user) |
| email | User's email address |
| custom:tenantId | The user's Aether365 tenant ID |

These claims are used server-side for tenant isolation. You do not need to pass tenant IDs separately in requests - they are extracted from the token.

Microsoft Identity

Aether365 uses Microsoft as the identity provider. When a user signs in with a Microsoft account, Aether365 issues a standard JWT token that the API accepts. The Microsoft sign-in flow is handled entirely in the web application - you do not interact with Microsoft's identity endpoints directly when using the API.