Skip to main content
Platform Authentication enables secure access to the PraisonAI Platform using JWT tokens for API authentication. Platform Authentication enables secure access to the PraisonAI Platform using JWT tokens for API authentication.
The user registers, logs in, and sends JWT bearer tokens on each API request for authorised access.

Quick Start

1

Start Platform Server

Install and start the PraisonAI Platform server to enable authentication endpoints:
2

Authenticate and Use Token

Once registered, use the JWT token for authenticated API requests:

How It Works


API Reference

Authentication Endpoints

Request/Response Schemas


Configuration Options

Configure JWT authentication using environment variables:
Security Notice: Always change PLATFORM_JWT_SECRET in production environments. Using the default secret poses a security risk.

Client Examples


Common Patterns

Store JWT tokens securely for reuse across requests:
Handle common authentication errors gracefully:
Manage authentication for multiple users in the same application:

Testing

Verify authentication functionality with comprehensive tests:
This single command installs every dependency required for pytest collection and execution, including email-validator for EmailStr schemas — no manual follow-up installs.
Tests require a running platform server instance. Start the server before running tests:

Best Practices

  • Never log tokens: Avoid printing or logging JWT tokens in production
  • Environment variables: Store tokens in environment variables, not source code
  • Token rotation: Implement token refresh for long-running applications
  • Secure transport: Always use HTTPS in production to protect token transmission
  • Strong passwords: Enforce minimum password complexity requirements
  • Password hashing: Platform uses bcrypt for secure password storage
  • Rate limiting: Implement rate limiting on authentication endpoints
  • Account lockout: Consider implementing account lockout after failed attempts
  • Change JWT secret: Always set a strong, unique PLATFORM_JWT_SECRET in production
  • Token expiry: Set appropriate PLATFORM_JWT_TTL based on security requirements
  • Environment validation: Set PLATFORM_ENV to non-dev to enable production security checks
  • HTTPS only: Never expose authentication endpoints over HTTP in production
  • Graceful degradation: Handle authentication failures gracefully
  • Clear error messages: Provide helpful error messages for common auth issues
  • Retry logic: Implement exponential backoff for transient failures
  • Fallback mechanisms: Consider offline capabilities when authentication is unavailable

Platform API

Complete platform API documentation

Security Features

Advanced security and protection features