Authentication Models

The Tenant portal uses the WEB chain exclusively. Authentication is JWT-based with Secure Channel (SCv2) for sensitive operations.

WEB Chain Auth

Every authenticated Tenant portal request uses:

1. portal entrypoint context (X-PORTAL-ACCESS-CODE)
2. Secure Channel for sensitive entry operations (login, registration, password)
3. JWT for authenticated requests (Authorization: Bearer <jwt>)
4. X-Client-Hash for session fingerprint binding

Typical Auth Flow

1. Establish Secure Channel session
2. Call login endpoint (encrypted via SCv2)
3. Receive JWT access token and refresh token
4. Use JWT on subsequent WEB requests
5. Refresh the token before expiry

What To Check Before Calling

1. required headers are present
2. whether Secure Channel is required for the endpoint
3. whether portal and fingerprint context must already exist
4. JWT has not expired

Read Next

1. Secure Channel