Quick Start
1
Start Platform Server
Install and start the PraisonAI Platform server to enable authentication endpoints:
2
Authenticate and Use Token
Once registered, use the JWT token for authenticated API requests:
How It Works
API Reference
Authentication Endpoints
Request/Response Schemas
- Register Request
- Login Request
- Auth Response
- User Info Response
Configuration Options
Configure JWT authentication using environment variables:Client Examples
- curl Commands
- Python SDK
- httpx Direct
Common Patterns
Token Storage and Reuse
Token Storage and Reuse
Store JWT tokens securely for reuse across requests:
Error Handling for Auth Failures
Error Handling for Auth Failures
Handle common authentication errors gracefully:
Multi-User Session Management
Multi-User Session Management
Manage authentication for multiple users in the same application:
Testing
Verify authentication functionality with comprehensive tests:This single command installs every dependency required for pytest collection and execution, including
email-validator for EmailStr schemas — no manual follow-up installs.Tests require a running platform server instance. Start the server before running tests:
Best Practices
Secure Token Management
Secure Token Management
- Never log tokens: Avoid printing or logging JWT tokens in production
- Environment variables: Store tokens in environment variables, not source code
- Token rotation: Implement token refresh for long-running applications
- Secure transport: Always use HTTPS in production to protect token transmission
Password Security
Password Security
- Strong passwords: Enforce minimum password complexity requirements
- Password hashing: Platform uses bcrypt for secure password storage
- Rate limiting: Implement rate limiting on authentication endpoints
- Account lockout: Consider implementing account lockout after failed attempts
Production Configuration
Production Configuration
- Change JWT secret: Always set a strong, unique
PLATFORM_JWT_SECRETin production - Token expiry: Set appropriate
PLATFORM_JWT_TTLbased on security requirements - Environment validation: Set
PLATFORM_ENVto non-dev to enable production security checks - HTTPS only: Never expose authentication endpoints over HTTP in production
Error Handling
Error Handling
- Graceful degradation: Handle authentication failures gracefully
- Clear error messages: Provide helpful error messages for common auth issues
- Retry logic: Implement exponential backoff for transient failures
- Fallback mechanisms: Consider offline capabilities when authentication is unavailable
Related
Platform API
Complete platform API documentation
Security Features
Advanced security and protection features

