Overview

Tribe Social uses JWT (JSON Web Token) based authentication. Every authenticated request should include the JWT as one of the following:

  • A signed cookie named token
  • A header named token
  • A cookie named token

Authentication Flow

  1. User Authentication

    • Email/password authentication
    • OTP (One-Time Password) authentication
    • Social provider authentication
    • SSO integration for enterprise customers
  2. Token Management

    • Tokens are valid for 30 days
    • Tokens should be included in all authenticated requests
    • Tokens can be refreshed before expiration

Authentication Levels

  1. Public Access

    • No authentication required
    • Limited to public content and platform information
  2. User Authentication

    • Required for most API endpoints
    • Access to user-specific content and features
    • Managed via isAuthenticated middleware
  3. Creator Access

    • Enhanced privileges for content creators
    • Access to creator-specific features
    • Managed via isAdminOrCreator middleware
  4. Admin Access

    • Full platform access
    • Administrative capabilities
    • Managed via isAdmin middleware
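
The token handling and access tiers described above, sketched as Express-style middleware. This is an added example, not Tribe Social's implementation: the HS256 algorithm, the `role` claim and its values, the lookup order of the three token locations, and the demo secret are all assumptions.

```javascript
// Added illustration, not Tribe Social's code. Assumptions: HS256 signing, a `role`
// claim (user/creator/admin), Express-style req/res/next, and the lookup order below.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // placeholder; load a real key from config
const b64url = (s) => Buffer.from(s).toString('base64url');
const now = () => Math.floor(Date.now() / 1000);

// Mint a demo token with the 30-day lifetime the page states.
function signToken(claims, iat = now()) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat, exp: iat + 30 * 86400 }));
  const sig = createHmac('sha256', SECRET).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, at = now()) {
  const [head, body, sig, extra] = String(token || '').split('.');
  if (!head || !body || !sig || extra !== undefined) return null;
  try {
    // Pin the algorithm server-side instead of trusting the token header.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const want = createHmac('sha256', SECRET).update(`${head}.${body}`).digest();
    const got = Buffer.from(sig, 'base64url');
    if (got.length !== want.length || !timingSafeEqual(got, want)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > at ? claims : null;
  } catch { return null; }
}

// The three token locations from the Overview; signedCookies/cookies as cookie-parser fills them.
const tokenFrom = (req) => (req.signedCookies && req.signedCookies.token) ||
  (req.headers && req.headers.token) || (req.cookies && req.cookies.token) || null;

// 401 for a missing or invalid token, 403 for a valid token whose role is not allowed.
function requireRole(...allowed) {
  return (req, res, next) => {
    const claims = verifyToken(tokenFrom(req));
    if (!claims) return res.status(401).json({ error: 'unauthenticated' });
    if (!allowed.includes(claims.role)) return res.status(403).json({ error: 'forbidden' });
    req.user = claims;
    return next();
  };
}

// Guards named after the middleware on the page; their bodies here are hypothetical.
const isAuthenticated = requireRole('user', 'creator', 'admin');
const isAdminOrCreator = requireRole('creator', 'admin');
const isAdmin = requireRole('admin');
```

Separating 401 from 403 keeps "no valid token" distinct from "valid token, insufficient tier" in logs, which makes privilege-probing by authenticated users easier to spot.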