Authentication Methods

1. JWT Tokens

The service authenticates API requests with JSON Web Tokens (JWT):

  • Access Token: Valid for 1 hour, presented on every API request

  • Refresh Token: Valid for 24 hours, used only to obtain a new access token (it is not accepted in place of an access token)

  • Algorithm: HS256 (HMAC-SHA256). This is a symmetric scheme: the same server-side secret both issues and verifies tokens, so the secret must never reach a client, and the verifier must reject any token whose header names another algorithm

  • Format: sent as a Bearer token in the Authorization header (Authorization: Bearer <token>)
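The following is an added example, not the service's own code, showing what a verifier for the scheme above has to check: the Bearer scheme, the alg header pinned to HS256 before any signature work, a constant-time HMAC comparison, the exp claim, and the token type (so a refresh token cannot be replayed as an access token). The signing secret, the "type" claim and the function names are assumptions for illustration; lifetimes are the 1 hour and 24 hours stated on this page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical server-side signing secret. In a real deployment it is loaded
# from a secret store; it must never appear in a client bundle or a log line.
SECRET = b"replace-with-a-long-random-server-side-secret"
ACCESS_TTL = 3600      # access token lifetime from the docs: 1 hour
REFRESH_TTL = 86400    # refresh token lifetime from the docs: 24 hours


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_token(sub: str, token_type: str, now: Optional[int] = None) -> str:
    """Issue an HS256 JWT. token_type is 'access' or 'refresh' (assumed claim name: "type")."""
    now = int(time.time()) if now is None else now
    ttl = ACCESS_TTL if token_type == "access" else REFRESH_TTL
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "type": token_type, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_bearer(authorization_header: str, expected_type: str = "access",
                  now: Optional[int] = None) -> dict:
    """Validate an 'Authorization: Bearer <jwt>' header value and return its claims.

    Raises ValueError on any failure. The alg header is pinned to HS256 before
    the signature is checked, so a token claiming "none" or an asymmetric
    algorithm is rejected without ever being trusted.
    """
    scheme, _, token = authorization_header.strip().partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing Bearer token")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))          # decode/JSON errors are ValueErrors too
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("type") != expected_type:
        raise ValueError("wrong token type")    # e.g. refresh token sent as access token
    return claims
```

The order of checks matters: algorithm, then signature, then claims. Parsing the claims before the signature is verified invites bugs where unverified data influences the decision.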

2. OTP System

One-Time Passwords (OTP) are used for:

  • Email verification during signup

  • Passwordless login

  • Password reset

  • Email change verification

  • OTP Length: 6 digits

  • OTP Validity: 3 minutes

  • Rate Limiting: 3 requests per 30 seconds
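The following is an added example, not the service's own code, putting the OTP parameters above into one issue/verify flow: 6 random digits from a CSPRNG, a 3-minute expiry, a sliding 30-second window allowing 3 requests, single use, and a constant-time comparison. Assumptions not stated on this page: the rate limit is keyed per email address, at most 5 failed attempts are allowed per code, and the code is stored keyed under a server-side pepper rather than in clear. The in-memory dictionaries stand in for whatever shared store a real deployment uses.

```python
import hashlib
import hmac
import secrets
import time
from collections import deque
from typing import Deque, Dict, Optional, Tuple

OTP_DIGITS = 6          # from the docs
OTP_TTL = 180           # from the docs: 3 minutes
RATE_LIMIT = 3          # from the docs: 3 requests ...
RATE_WINDOW = 30        # ... per 30 seconds (assumed to be keyed per email address)
MAX_ATTEMPTS = 5        # assumption: failed verifications allowed per issued code

# Hypothetical server-side pepper so a leaked store does not expose codes directly.
PEPPER = b"replace-with-a-random-server-side-pepper"

# Hypothetical in-memory stores; a real deployment uses a shared store (e.g. Redis).
_codes: Dict[Tuple[str, str], dict] = {}
_requests: Dict[str, Deque[float]] = {}


def _digest(email: str, purpose: str, code: str) -> str:
    # Binding purpose and email into the digest stops a signup code being replayed for a reset.
    msg = f"{purpose}:{email}:{code}".encode()
    return hmac.new(PEPPER, msg, hashlib.sha256).hexdigest()


def request_otp(email: str, purpose: str, now: Optional[float] = None) -> str:
    """Issue a fresh OTP for (email, purpose). Raises RuntimeError when rate limited.

    The returned code is delivered out of band (email) and must not be logged.
    """
    now = time.time() if now is None else now
    window: Deque[float] = _requests.setdefault(email, deque())
    while window and now - window[0] >= RATE_WINDOW:   # drop requests older than the window
        window.popleft()
    if len(window) >= RATE_LIMIT:
        raise RuntimeError("rate limited")
    window.append(now)
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"   # CSPRNG, zero-padded
    # A new request replaces any outstanding code for the same (email, purpose).
    _codes[(email, purpose)] = {"digest": _digest(email, purpose, code),
                                "expires": now + OTP_TTL, "attempts": 0}
    return code


def verify_otp(email: str, purpose: str, code: str, now: Optional[float] = None) -> bool:
    """Return True exactly once for a live, correct code; False otherwise."""
    now = time.time() if now is None else now
    entry = _codes.get((email, purpose))
    if entry is None:
        return False
    if now >= entry["expires"]:
        _codes.pop((email, purpose), None)
        return False
    entry["attempts"] += 1
    if entry["attempts"] > MAX_ATTEMPTS:              # cap online guessing of a 6-digit space
        _codes.pop((email, purpose), None)
        return False
    ok = hmac.compare_digest(entry["digest"], _digest(email, purpose, code))
    if ok:
        _codes.pop((email, purpose), None)            # single use
    return ok
```

Without the attempt cap, a 3-minute window is enough to try a meaningful share of the 10^6 codes against a fast endpoint, so the expiry alone is not the brute-force control.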

3. Password Requirements

  • Minimum length: 8 characters

  • Must contain letters and numbers

  • Cannot be a commonly used password

  • Cannot be too similar to the user's own attributes (for example username or email address)
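The following is an added example, not the service's own validator, implementing the four rules above as one function that returns every violated rule rather than stopping at the first. The common-password set is a tiny constructed sample (a real deployment loads a large breached-password list), and the 0.7 similarity threshold and the rule names are assumptions; the page states only the rules themselves.

```python
import re
from difflib import SequenceMatcher
from typing import Iterable, List

MIN_LENGTH = 8                       # from the docs

# Constructed sample only; load a real breached/common-password list in production.
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwerty123", "letmein1", "iloveyou"}

# Assumed threshold: ratio() is 2*matches/(len(a)+len(b)); 0.7 flags passwords that
# are mostly made of an attribute (e.g. "alice2024" against "alice").
SIMILARITY_MAX = 0.7


def validate_password(password: str, user_attributes: Iterable[str] = ()) -> List[str]:
    """Return the list of violated rules; an empty list means the password is acceptable."""
    errors: List[str] = []
    lower = password.lower()

    if len(password) < MIN_LENGTH:
        errors.append("too_short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        errors.append("needs_letters_and_digits")
    if lower in COMMON_PASSWORDS:
        errors.append("too_common")

    # Compare against each attribute and its pieces, so "example99" is caught
    # against "alice@example.com" and not just against the whole string.
    pieces = set()
    for attr in user_attributes:
        if attr:
            pieces.add(attr.lower())
            pieces.update(p.lower() for p in re.split(r"\W+", attr) if p)
    if any(SequenceMatcher(a=lower, b=p).ratio() >= SIMILARITY_MAX for p in pieces):
        errors.append("similar_to_user_attribute")

    return errors
```

Returning all violations at once lets the signup form show the user everything to fix; returning only the first leaks nothing extra, since every rule is public policy anyway.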
