Authentication

Authentication in the Proof of Me Unified API ensures that only authorized users and applications can interact with the API endpoints. This layer of security protects sensitive data and prevents unauthorized usage of the service.

The PoM API uses Bearer Token Authentication, where users need to provide a valid token in the headers of their API requests. This token is generated upon successful user registration and serves as the key to access the API's features.

How Authentication Works

Token Generation:
- A Bearer Token is issued during the registration process (POST /api/v1/user/register-user).
- This token uniquely identifies the user and grants them access to the API endpoints.
Using the Token:
- The token must be included in the Authorization header for every API request.
- If the token is missing, invalid, or expired, the request will be denied with an appropriate error response.
Secure Your Token:
- Never expose your Bearer Token in public repositories or client-side code.
- Treat your token as sensitive information.

Example Header

To authenticate your requests, include the token in the Authorization header as shown below:

plaintextCopy codeAuthorization: Bearer your-generated-bearer-token

Example: Token in Use

Here’s an example of an API request with the Bearer Token included:

JavaScript Example

javascriptCopy codeconst fetch = require("node-fetch");

async function queryPoMAPI(endpoint, prompt) {
  const url = `https://api.pom.example/${endpoint}`;
  const response = await fetch(url, {
    method: "POST",
    headers: {
      "Authorization": "Bearer your-generated-bearer-token",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ prompt }),
  });

  if (!response.ok) {
    throw new Error(`Error: ${response.status} - ${response.statusText}`);
  }

  const data = await response.json();
  return data;
}

// Example Usage:
queryPoMAPI("ai/services?searchModel=2", "What is AI?")
  .then(response => console.log(response))
  .catch(error => console.error("Error:", error));

Python Example

pythonCopy codeimport requests

def query_pom_api(endpoint, prompt):
    url = f"https://api.pom.example/{endpoint}"
    headers = {
        "Authorization": "Bearer your-generated-bearer-token",
        "Content-Type": "application/json"
    }
    body = {"prompt": prompt}

    response = requests.post(url, headers=headers, json=body)

    if response.status_code != 200:
        raise Exception(f"Error {response.status_code}: {response.text}")

    return response.json()

# Example Usage
try:
    result = query_pom_api("ai/services?searchModel=2", "Explain AI in simple terms.")
    print("AI Response:", result)
except Exception as e:
    print("Error:", e)

Error Handling

If the Bearer Token is invalid or missing, the API will return an error response. Below are some common errors:

401 Unauthorized: Missing or invalid Bearer Token.
403 Forbidden: Token does not have access to the requested resource.
498 Invalid Token: Token is expired or no longer valid.

Example Error Response:

jsonCopy code{
  "statusCode": 401,
  "success": false,
  "message": "Unauthorized. Please provide a valid Bearer Token."
}

Best Practices for Authentication

Keep Your Token Secure: Store your token in a secure location (e.g., environment variables).
Regenerate Tokens Regularly: If you suspect your token has been compromised, generate a new one through the registration endpoint.
Use HTTPS: Always make API calls over HTTPS to encrypt the communication.

PreviousUse NextAPI v2.0

Last updated 11 months ago