> ## Documentation Index
> Fetch the complete documentation index at: https://docs.verify-group.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate Verify Group API requests with JWT bearer tokens, refresh the access token, and set the required multi-tenant organization header.

Every request must include `Authorization: Bearer <token>`.

## Login

```bash theme={null}
POST /api/v1/auth/login
```

```json theme={null}
{"email":"user@example.com","password":"yourpassword"}
```

**Response:**

```json theme={null}
{"data":{"accessToken":"eyJ...","refreshToken":"eyJ...","expiresIn":3600}}
```

## Refresh a token

```bash theme={null}
POST /api/v1/auth/refresh
```

```json theme={null}
{"refreshToken":"eyJ..."}
```

## Required headers

| Header              | Required       | Description               |
| ------------------- | -------------- | ------------------------- |
| `Authorization`     | Always         | `Bearer <token>`          |
| `X-Organization-ID` | Most endpoints | UUID of your organization |

## Security best practices

<Check>Store access tokens in memory, not localStorage</Check>
<Check>Store refresh tokens in httpOnly secure cookies</Check>
<Check>Use HTTPS everywhere</Check>
<Check>Revoke tokens on logout</Check>
