Authentication
title: Authentication
Authentication
Most endpoints in the FUO Wallet API require a valid JWT token passed in the Authorization header.
Getting a Token
Tokens are issued when a user or admin logs in successfully. See the Users or Admin login endpoints.
Using a Token
Include the token in every protected request:
Authorization: Bearer <your_jwt_token>
Token Expiry
| Role | Expiry |
|---|---|
| User | 1 hour |
| Admin | 2 hours |
Password reset tokens are also JWTs and expire after 1 hour.
Protected vs Public Endpoints
Most endpoints require authentication. The following are public (no token needed):
POST /api/users/signupPOST /api/users/loginPOST /api/users/send-reset-password-emailPOST /api/users/reset-passwordPOST /api/admin/loginGET /api/paystack/callback