Authentication API
Secure user authentication, authorization, and access control for industrial systems
Production ReadyJWT-based authentication with RBAC
Overview
The Authentication API provides comprehensive security capabilities for industrial automation systems, featuring JWT-based authentication, role-based access control (RBAC), multi-factor authentication, and enterprise-grade security features for manufacturing environments.
Core Features
- • JWT-based authentication
- • Role-based access control (RBAC)
- • Multi-factor authentication (MFA)
- • Session management
- • API key authentication
- • Audit trail logging
Security Standards
- • OAuth 2.0 compatible
- • Industry-standard encryption
- • SOC 2 Type II compliance
- • GDPR privacy protection
- • NIST cybersecurity framework
- • Industrial security protocols
Enterprise Ready
Production-ready authentication system with enterprise-grade security features and compliance support.
Authentication
User Login
POST/api/auth/login
Authenticate user credentials and receive JWT tokens for API access.
Request Body
Requestjson
{
"username": "operator_123",
"password": "SecurePass2024!",
"remember_me": true,
"mfa_token": "123456"
}Successful Login Response
Responsejson
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1800,
"user": {
"id": "user_123",
"username": "operator_123",
"email": "[email protected]",
"full_name": "John Operator",
"user_type": "operator",
"status": "active",
"department": "production",
"is_system_admin": false,
"mfa_enabled": true,
"roles": [
{
"id": "role_456",
"name": "Machine Operator",
"permissions": [
"machines:read:assigned",
"components:read:assigned",
"documents:read:public"
]
}
],
"created_at": "2024-01-15T10:30:00Z",
"last_login": "2024-08-26T14:30:00Z"
}
}User Registration
POST/api/auth/register
Register new user account with role assignment and security setup.
Registration Request
{
"username": "maintenance_tech_456",
"email": "[email protected]",
"password": "SecurePass2024!",
"full_name": "Jane Technician",
"user_type": "technician",
"department": "maintenance",
"employee_id": "EMP-2024-456",
"phone": "+1-555-0123"
}User Management
Get Current User Profile
GET/api/auth/me
Retrieve detailed profile information for the authenticated user.
Headers Required
Authorization: Bearer {access_token}
User Profile Response
{
"user": {
"id": "user_123",
"username": "operator_123",
"email": "[email protected]",
"full_name": "John Operator",
"user_type": "operator",
"status": "active",
"department": "production",
"employee_id": "EMP-2024-123",
"phone": "+1-555-0456",
"is_system_admin": false,
"mfa_enabled": true,
"created_at": "2024-01-15T10:30:00Z",
"last_login": "2024-08-26T14:30:00Z"
},
"permissions": [
"machines:read:assigned",
"machines:operate:assigned",
"components:read:assigned",
"documents:read:public"
],
"assigned_machines": [
"machine_123",
"machine_456"
]
}Security Features
Multi-Factor Authentication
POST/api/auth/mfa/setup
Set up multi-factor authentication for enhanced security.
MFA Setup Request
{
"mfa_method": "totp",
"backup_methods": ["sms", "email"],
"phone_number": "+1-555-0123"
}MFA Setup Response
{
"mfa_enabled": true,
"primary_method": "totp",
"qr_code_url": "https://api.ffo.com/auth/mfa/qr/user_123",
"backup_codes": [
"123456789",
"987654321",
"456789123"
]
}Session Management
List Active Sessions
GET/api/auth/sessions
Retrieve all active sessions for the current user.
Active Sessions Response
{
"user_id": "user_123",
"active_sessions": [
{
"session_id": "session_789",
"device_info": {
"device_type": "desktop",
"os": "macOS",
"browser": "Chrome"
},
"location": {
"ip_address": "192.168.1.45",
"city": "New York",
"country": "US"
},
"created_at": "2024-08-26T14:30:00Z",
"last_activity": "2024-08-26T16:45:00Z",
"expires_at": "2024-08-26T20:30:00Z",
"is_current": true
}
],
"session_summary": {
"total_active": 1,
"desktop_sessions": 1,
"mobile_sessions": 0
}
}API Key Management
Create API Key
POST/api/auth/api-keys
Create new API key for programmatic access.
API Key Creation Request
{
"name": "Production Monitoring System",
"description": "API key for automated production monitoring",
"permissions": [
"machines:read:all",
"components:read:all"
],
"expires_at": "2025-08-26T00:00:00Z"
}API Key Creation Response
{
"api_key": {
"id": "apikey_123",
"name": "Production Monitoring System",
"key": "ffo_ak_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t",
"key_prefix": "ffo_ak_1a2b",
"created_at": "2024-08-26T17:30:00Z",
"expires_at": "2025-08-26T00:00:00Z",
"permissions": [
"machines:read:all",
"components:read:all"
]
},
"security_warning": "Store this API key securely. It will not be shown again."
}Compliance & Standards
The Authentication API is designed to meet industry-standard security and compliance requirements for industrial automation and manufacturing environments.
Security Standards
- • OAuth 2.0 / OpenID Connect
- • JWT (RFC 7519) token standard
- • OWASP security guidelines
- • NIST Cybersecurity Framework
- • ISO 27001 information security
- • AES-256 data encryption
Industrial Compliance
- • IEC 62443 industrial cybersecurity
- • NERC CIP critical infrastructure
- • GDPR privacy protection
- • SOC 2 Type II compliance
- • Comprehensive audit logging
- • Zero-trust architecture