Authentication

To access any of the ShkolaFit API endpoints, you'll need to authenticate your requests. In this guide, we’ll explain how authentication works with ShkolaFit Tokens, which are securely managed and protected using Row-Level Security (RLS) on the backend.

ShkolaFit Tokens

The ShkolaFit API uses tokens to authenticate and authorize API requests. Each token is uniquely tied to a specific user and managed by ShkolaFit's backend, which ensures security and compliance using Supabase’s Row-Level Security (RLS).

Key Features of ShkolaFit Tokens:

  • Secure: All tokens are stored and processed securely on the backend with RLS policies, ensuring only authorized users can access their tokens or make API calls.
  • User-Specific: Each token is linked to a user, and access is restricted to the token's owner.
  • Revocable: Tokens can be revoked or updated at any time for security purposes.

How to Use Your Token

  1. Retrieve Your Token: You can retrieve your token from your user dashboard or by making an authenticated request to the ShkolaFit API.

  2. Include Your Token in API Requests: Use the token in the Authorization header to authenticate your requests:

Example request history with ShkolaFit Token

curl https://api.shkolafit.com/v1/fetchMyRequests \
  -H "Authorization: Bearer {your_token}"

  3. Token Example: Below is an example of using your ShkolaFit token to fetch your account details.

Example request data with ShkolaFit Token

curl https://api.shkolafit.com/v1/fetchMyData \
  -H "Authorization: Bearer {your_token}"

Token Security

At ShkolaFit, your token is protected by Row-Level Security (RLS) policies in the backend. This ensures:

  • Privacy: Each user can only access their own tokens and data.
  • Control: Unauthorized access is automatically blocked at the database level.
  • Compliance: RLS enhances security compliance by enforcing strict access control.

Token via API

If you don’t already have your token, you can retrieve it using your user credentials:

Request:

Retrieving Your Token via API

curl -X POST https://api.shkolafit.com/v1/auth \
  -H "Content-Type: application/json" \
  -d '{
        "email": "your_email@example.com",
        "password": "your_password"
      }'

Response:

{
  "userId": "your_user_id",
  "token": "your_generated_token",
  "expires_in": 3600
}
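
The response above carries expires_in, so a client can cache the token and log in again shortly before it lapses instead of sending credentials on every call. The following is an added example, not ShkolaFit's code or SDK: the function names and the 60-second refresh margin are assumptions, it assumes the token stops being accepted expires_in seconds after issue, and the caller supplies credentials (for instance from environment variables rather than source code).

```javascript
// Added example, not ShkolaFit code. Function names and REFRESH_SKEW_MS
// are assumptions for illustration; only the URL and field names are from the page.
const AUTH_URL = 'https://api.shkolafit.com/v1/auth'; // endpoint from the page
const REFRESH_SKEW_MS = 60000; // assumption: renew 60 s before expiry

// Validate the documented response body; turn expires_in (seconds) into a deadline.
function parseAuthResponse(body, nowMs) {
  if (!body || typeof body.token !== 'string' || body.token === '') {
    throw new Error('auth response has no token');
  }
  if (!Number.isFinite(body.expires_in) || body.expires_in <= 0) {
    throw new Error('auth response has no usable expires_in');
  }
  return { token: body.token, expiresAtMs: nowMs + body.expires_in * 1000 };
}

function isFresh(entry, nowMs) {
  return entry !== null && nowMs < entry.expiresAtMs - REFRESH_SKEW_MS;
}

// Log-safe summary: length and deadline only, never the token value.
function describe(entry) {
  return `token(len=${entry.token.length}, exp=${new Date(entry.expiresAtMs).toISOString()})`;
}

// fetchImpl and now are injectable so the cache can be exercised offline.
function createTokenSource({ email, password, fetchImpl = fetch, now = Date.now }) {
  let cached = null;
  let inflight = null; // concurrent callers share one login request
  async function login() {
    const res = await fetchImpl(AUTH_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, password }),
    });
    if (!res.ok) throw new Error(`auth failed: HTTP ${res.status}`);
    return (cached = parseAuthResponse(await res.json(), now()));
  }
  return {
    async authHeader() {
      let entry = cached;
      if (!isFresh(entry, now())) {
        inflight = inflight || login().finally(() => { inflight = null; });
        entry = await inflight;
      }
      return { Authorization: `Bearer ${entry.token}` };
    },
    discard() { cached = null; }, // drop the cached token, e.g. after rotating it
  };
}
```

Pass the object returned by authHeader() as the request headers for calls such as /v1/fetchMyData, and use describe() wherever a token would otherwise end up in a log line.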

ShkolaFit SDKs

If you use one of our official SDKs, token handling is automated. You only need to provide your credentials once, and the SDK will take care of token management behind the scenes.

JavaScript SDK:

import { createClient } from '@shkolafit/sdk';

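// 'your_api_key' and 'your_token' are placeholders: load the real values from
// configuration or a secret store instead of hardcoding them in source.
const client = createClient({
  apiKey: 'your_api_key',
  token: 'your_token',
});

// Fetch the authenticated user's details.
const userDetails = await client.users.get();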
console.log(userDetails);

Token Safety

Always:

  • Store your token securely.
  • Rotate your token if you suspect it has been compromised.
  • Avoid committing your token to version control systems like GitHub.
