diff --git a/www/apps/api-reference/app/_mdx/admin.mdx b/www/apps/api-reference/app/_mdx/admin.mdx index e6c9e88d51..a4d905f4a2 100644 --- a/www/apps/api-reference/app/_mdx/admin.mdx +++ b/www/apps/api-reference/app/_mdx/admin.mdx @@ -32,7 +32,7 @@ Aside from this API reference, check out the [Commerce Modules](https://docs.med ## Authentication -There are two ways to send authenticated requests to the Medusa server: Using a user's API token, or using a Cookie Session ID. +There are three ways to send authenticated requests to the Medusa server: Using a user's API token, using a JWT token or using a Cookie Session ID. ### API Token @@ -103,12 +103,10 @@ export default UpdateUser`, #### How to Use the API Token -The API token can be used for Bearer Authentication. It's passed in the -`Authorization` header as the following: - +The API token can be used by providing it in `x-medusa-access-token` header: ```bash -Authorization: Bearer {api_token} +x-medusa-access-token: {api_token} ``` You can also pass it to client libraries: @@ -154,6 +152,36 @@ You can also pass it to client libraries: pathName="/api/admin" /> +### JWT Token + +Use a JWT token to send authenticated requests. Authentication state is managed by the client, which is ideal for Jamstack applications and mobile applications. + +#### How to Obtain the JWT Token + +JWT tokens are obtained by sending a request to the [User Login (JWT) endpoint](#auth_posttoken) passing it the user's email and password in the request body. For example: + +```bash +curl -X POST 'https://medusa-url.com/admin/auth/token' \ +-H 'Content-Type: application/json' \ +--data-raw '{ + "email": "user@example.com", + "password": "supersecret" +}' + +``` + +If authenticated successfully, an object is returned in the response with the property `access_token` being the JWT token. + +#### How to Use the JWT Token + +The JWT token can be used for Bearer Authentication. It's passed in the +`Authorization` header as the following: + + +```bash +Authorization: Bearer {jwt_token} +``` + ### Cookie Session ID Use a cookie session to send authenticated requests. diff --git a/www/apps/api-reference/app/_mdx/store.mdx b/www/apps/api-reference/app/_mdx/store.mdx index d267363aa8..3b1d20d172 100644 --- a/www/apps/api-reference/app/_mdx/store.mdx +++ b/www/apps/api-reference/app/_mdx/store.mdx @@ -33,8 +33,37 @@ Aside from this API reference, check out the [Commerce Modules](https://docs.med ## Authentication -To send requests as an authenticated customer, you must use the Cookie -Session ID. +There are two ways to send authenticated requests to the Medusa server: Using a JWT token or using a Cookie Session ID. + +### JWT Token + +Use a JWT token to send authenticated requests. Authentication state is managed by the client, which is ideal for Jamstack applications and mobile applications. + +#### How to Obtain the JWT Token + +JWT tokens are obtained by sending a request to the [Customer Login (JWT) endpoint](#auth_authtoken) passing it the customer's email and password in the request body. For example: + +```bash +curl -X POST 'https://medusa-url.com/store/auth/token' \ +-H 'Content-Type: application/json' \ +--data-raw '{ + "email": "user@example.com", + "password": "supersecret" +}' + +``` + +If authenticated successfully, an object is returned in the response with the property `access_token` being the JWT token. + +#### How to Use the JWT Token + +The JWT token can be used for Bearer Authentication. It's passed in the +`Authorization` header as the following: + + +```bash +Authorization: Bearer {jwt_token} +``` ### Cookie Session ID