Sign in to get your Access and Refresh tokens
The refreshToken is valid for 7 days.
Auth Best Practices
We recommend you store all the information returned by SignIn / SignUp except for expiresIn.
Every request except SignIn / SignUp require the accessToken in the Authorization header.
userId and refreshToken are used when you want to refresh your accessToken using the refresh-access-token endpoint.
Typical auth middleware flow: If any api request returns a 401 response code, this means your accessToken needs to be refreshed. Call the /auth/refresh-access-token endpoint. If this request returns a 401 as well, it means your refreshToken is expired. If the refreshToken is expired, remove the access and refresh tokens from local storage, call the /auth/revoke-refresh-token endpoint, then finally log the user out.