User Authentication (JWT)
These endpoints provide per-user login and JWT session management for interactive applications: custom front-ends, customer portals, and embedded tools where individual users need to sign in and maintain a session. Base URL:https://api.vh3connect.io/api:lBQnyyZL
Login requires only
email and password. The user’s tenant is resolved server-side. After login, every call uses Authorization: Bearer <token>, no API key is ever sent from the client.Need to manage users from a back-end script or integration (no user session)? Use the Users endpoints on the main FSI API with
company_id + api_key. Those endpoints are server-side only: the API key must never appear in client-side code.POST /auth/login
Authenticate a user with email and password. Returns a JWT token valid for 24 hours. The user’s tenant is resolved server-side from their account, no API key is required from the client. Request body:POST /auth/refresh
Refresh an expiring JWT token. Returns a new token with a fresh 24-hour expiry. Headers:GET /auth/me
Get the current user profile from the JWT token. Includes the user’s company information. Headers:POST /users/invite
Invite a new user by email to the authenticated user’s company. Returns an invitation token valid for 7 days. Requiresadmin or developer role.
Headers:
Request body:
GET /users/list
List all active users belonging to the authenticated user’s company. Supports pagination. Requiresadmin or developer role.
Headers:
Query parameters:
DELETE /users/
Soft-delete a user by setting their account to archived. The user will no longer be able to log in. Cannot delete your own account. Requiresadmin or developer role.
Headers:
Path parameters: