API login and sign-up
As mentioned in the previous section, users are managed via the users-permissions plugin. This plugin is not just there to manage users; it also adds an access layer to the API using a JSON Web Token (JWT) to authenticate users. Each time a request is made to a secure endpoint, a JWT must be present in the Authorization header. Additionally, the plugin exposes two API endpoints for sign-up and login. To better demonstrate this, let's consider the following requirement:
As an API user
I want to be able to register a new account with the following properties so that I can use the system using my identity:
- Username: educator1
- Email: [email protected]
- Password: password
To satisfy this requirement, we can simply use the /api/auth/local/register endpoint to create a new user account. In Postman, issue a POST request to /api/auth/local/register with the following as a JSON payload:
{ "username": "educator1"...
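The JWT check described at the start of this section, reduced to its core, as an added example (not code from the book or from Strapi): a secure endpoint rejects a request unless the Authorization header carries a correctly signed, unexpired token. The secret, the `id` claim, the HS256 choice and the function names are assumptions made for illustration.

```javascript
// Added illustration: HS256 bearer-token gate of the kind a JWT access layer applies.
// Not Strapi's code; SECRET, the claim names and the function names are constructed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: server-side signing key
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Issue a token the way a login or register response would hand one back.
function issueJwt(claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${mac(`${head}.${body}`).toString('base64url')}`;
}

// Gate for a secure endpoint: maps request headers to { status, user } or { status, reason }.
function authenticate(headers, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.authorization || '');
  if (!m) return { status: 401, reason: 'missing or malformed Authorization header' };
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return { status: 401, reason: 'undecodable token' };
  }
  // Pin the algorithm server-side; the token must not choose how it is verified.
  if (header?.alg !== 'HS256') return { status: 401, reason: 'unexpected alg' };
  // Verify the signature in constant time before trusting any claim.
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${body}`);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { status: 401, reason: 'bad signature' };
  }
  if (typeof claims?.exp !== 'number' || claims.exp <= now) {
    return { status: 401, reason: 'expired' };
  }
  return { status: 200, user: claims.id };
}
```
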