Authentication
The NOÉ API uses authentication based on JWT (JSON Web Tokens) to secure access to endpoints.
All protected endpoints require a valid JWT token in the HTTP header:
Authorization: JWT <your-jwt-token>
Obtaining a token
Log in to your NOÉ account and go to your "My Account" page (click on your profile at the bottom left), then scroll down to "API Token": it’s here!
You can also directly use the API with your NOÉ credentials to retrieve one:
curl 'https://api.noe-app.io/auth/authenticate' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
--data-raw '{"email":"email@example.com","password":"xxxxxxxxxxxx"}'
Response:
{
"jwt_token": "eyJhbGciOiJIUzZj8dIsInR5cCI6IkpXVCJ9..."
}
Refreshing your token
Tokens are valid for more than one year, for ease of connection. But if you want to refresh one, use:
curl 'http://localhost:4000/auth/refreshAuthTokens' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: JWT eyJhbGciOiJIUzZj8dIsInR5cCI6IkpXVCJ9...'
Best practices
- Never expose tokens in client code
- Use HTTPS for all requests
- Store tokens securely
- Implement automatic token rotation
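
One way to implement the "automatic token rotation" practice against the refresh endpoint shown above, as an added example that is not NOÉ's own code. It assumes the token payload carries the standard iat/exp claims (this page does not confirm that); the 30-day threshold, the helper names and the sample token are illustrative.

```python
import base64, json, time
import urllib.request
from urllib.parse import urlsplit

MAX_AGE = 30 * 24 * 3600  # assumed local policy: rotate after 30 days

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying it (only the server can verify)."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return {}
    return claims if isinstance(claims, dict) else {}

def needs_rotation(token, now=None, max_age=MAX_AGE):
    """True when the token is older than max_age, expired, or its age is unknown."""
    now = time.time() if now is None else now
    claims = jwt_claims(token)
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)):
        return True  # no usable iat: rotate rather than trust it
    if isinstance(exp, (int, float)) and exp <= now:
        return True
    return now - iat > max_age

def refresh_request(base_url, token):
    """Build (not send) the refresh call; refuse cleartext except to localhost."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("refusing to send a token over cleartext HTTP")
    return urllib.request.Request(
        base_url.rstrip("/") + "/auth/refreshAuthTokens",
        headers={"Accept": "application/json",
                 "Content-Type": "application/json",
                 "Authorization": "JWT " + token})

def make_sample_token(claims):
    """Constructed token for the demo; not a real NOÉ token, signature is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "sig"])

if __name__ == "__main__":
    tok = make_sample_token({"iat": int(time.time()) - 90 * 24 * 3600})
    if needs_rotation(tok):
        req = refresh_request("http://localhost:4000", tok)
        print("would call", req.full_url)
```

Read the token from an environment variable or a secrets store rather than embedding it in the script, and pass the built request to urllib.request.urlopen only once the response format of the refresh endpoint is known.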