Stratify - Institutional Intelligence, Retail Simplicity

Learn how to authenticate with the Stratify API using JWT tokens, manage API keys, and implement secure authentication flows.

Base URL: http://localhost:8000/api/v1 (development)
Production URL: https://api.stratify.app/v1

Authentication Methods

Stratify API uses JWT (JSON Web Tokens) for authentication:

Access Token

Short-lived token (15 minutes) for API requests. Include in Authorization header.

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Refresh Token

Long-lived token (7 days) to obtain new access tokens without re-logging in.

User Registration

POST/api/v1/auth/register

Create a new user account.

Request Body:

{
  "email": "user@example.com",
  "password": "SecurePass123!",
  "full_name": "John Doe"
}

Response (201 Created):

{
  "success": true,
  "data": {
    "user_id": "123e4567-e89b-12d3-a456-426614174000",
    "email": "user@example.com",
    "verification_required": true
  },
  "message": "Registration successful. Check email for verification."
}

Login

POST/api/v1/auth/login

Authenticate user and receive tokens.

Request Body:

{
  "email": "user@example.com",
  "password": "SecurePass123!"
}

Response (200 OK):

{
  "success": true,
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "bearer",
    "expires_in": 900
  }
}

Refresh Token

POST/api/v1/auth/refresh

Get new access token using refresh token.

Request Body:

{
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Response (200 OK):

{
  "success": true,
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 900
  }
}

Using Access Tokens

Include the access token in the Authorization header for all API requests:

Example Request:

curl -X GET "http://localhost:8000/api/v1/watchlists" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json"

Security Best Practices

💡 Store Tokens Securely

Never expose tokens in client-side code. Use secure HTTP-only cookies or encrypted storage.

💡 Handle Token Expiration

Implement automatic refresh logic. When you receive 401 Unauthorized, use refresh token to get new access token.

💡 Use HTTPS in Production

Always use HTTPS (not HTTP) in production to encrypt tokens in transit.

Authentication Error Codes

Code	Status	Meaning
INVALID_CREDENTIALS	401	Wrong email/password
TOKEN_EXPIRED	401	Access token expired, refresh needed
EMAIL_NOT_VERIFIED	403	User must verify email first
ACCOUNT_DISABLED	403	Account suspended or banned
EMAIL_EXISTS	409	Email already registered