Simple TODO API to CRUDS (Create, Read, Update, Search) the user's todos; each user has a unique token.
In this API we use JWT (JSON Web Token) to authenticate users. The token is generated when the user is created and is returned in the response. It is then used to authenticate the user on the other endpoints.
The token is sent in the request header in the format `Authorization: Bearer <token>`.
The token doesn't expire, but it can be revoked. Once a token is revoked, the user can no longer use it. You can revoke the token at the `/api/auth/revoke` endpoint.
- Set the `Authorization` header in the request with the token; otherwise the API returns `400 Bad Request`.
- The header value should start with `Bearer`, followed by the token; otherwise the API returns `400 Bad Request`.
- The token should be valid; otherwise the API returns `401 Unauthorized`.
- The token should not be revoked; otherwise the API returns `403 Forbidden`.
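The check order above, as an added sketch that is not this project's code. It assumes HS256 tokens signed with a shared secret and a revocation set keyed by the token string; `SECRET`, `REVOKED`, `issue_token`, `signature_valid` and `check_authorization` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret
REVOKED = set()                      # assumption: revocation tracked per token string


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str) -> str:
    """Build a constructed HS256 JWT with no exp claim (tokens do not expire)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user_id}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def signature_valid(token: str) -> bool:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    # Pin the algorithm: never let the token's own "alg" choose the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)  # constant-time comparison


def check_authorization(headers: dict) -> int:
    """Return the status the rules above give (200 stands for 'checks passed')."""
    value = headers.get("Authorization")
    if value is None or not value.startswith("Bearer "):
        return 400  # header missing, or not in the form "Bearer <token>"
    token = value[len("Bearer "):]
    if not signature_valid(token):
        return 401  # malformed or forged token
    if token in REVOKED:
        return 403  # authentic token that has been revoked
    return 200
```

Because the token has no expiry, the revocation lookup is the only way to invalidate a leaked token, so it has to run on every authenticated request.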
The API has a rate limit of 30 burst requests per minute. If you exceed the limit, the API returns `429 Too Many Requests`.
- `x-ratelimit-limit`: Your burst size, the maximum number of requests you can make in a burst.
- `x-ratelimit-remaining`: The requests remaining in the current burst. When it reaches 0, the next request will return `429 Too Many Requests`.
- `x-ratelimit-reset`: The time in seconds when the current burst will be reset.