Authentication
JWT Authentication
All API endpoints (except /health) require JWT authentication using Bearer tokens.
Getting a Token
Use the provided get_jwt_token.py script to obtain a JWT token:
cd /Users/ericngo/Desktop/projects/dudu/recommend
python get_jwt_token.py
Using the Token
Include the JWT token in the Authorization header for all API requests:
# Recommend API
curl -X POST "http://localhost:5051/api/recommend/recommend" \
-H "Authorization: Bearer <your-jwt-token>"
# Evaluate API
curl -X GET "http://localhost:5049/api/stats/overall" \
-H "Authorization: Bearer <your-jwt-token>"
Token Structure
The JWT payload contains the following claims:
- user_id: Unique user identifier
- email: User email address
- exp: Token expiration timestamp
- iat: Token issued timestamp
Error Responses
401 Unauthorized
{
"detail": "Could not validate credentials"
}
401 Unauthorized
{
"detail": "Token has expired"
}
Environment Variables
JWT_SECRET_KEY=your-secret-key
JWT_ALGORITHM=HS256
JWT_EXPIRATION_MINUTES=30
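The token structure, the two 401 responses and the environment variables above describe one validation path, shown here end to end as an added example (not the project's get_jwt_token.py or its API code). It mints and verifies an HS256 token with the claims listed on the page using only the Python standard library, pins the algorithm to JWT_ALGORITHM instead of trusting the token header, compares signatures in constant time, and maps each failure to the same "detail" bodies the page documents. The secret fallback, the user_id/email values and the authenticate() helper are constructed for this example; a deployment reads JWT_SECRET_KEY from the environment as the page shows.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Mirrors the page's environment variables. The fallback secret is a
# constructed placeholder for running this example offline, nothing more.
JWT_SECRET_KEY = os.environ.get("JWT_SECRET_KEY", "example-secret-do-not-use")
JWT_ALGORITHM = "HS256"
JWT_EXPIRATION_MINUTES = int(os.environ.get("JWT_EXPIRATION_MINUTES", "30"))

REQUIRED_CLAIMS = ("user_id", "email", "iat", "exp")


class AuthError(Exception):
    """Raised for any token problem; detail matches the page's 401 bodies."""

    def __init__(self, detail: str) -> None:
        super().__init__(detail)
        self.status_code = 401
        self.detail = detail


def _b64url_encode(raw: bytes) -> str:
    # JWT uses unpadded base64url
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def create_token(user_id: str, email: str, now=None, secret: str = JWT_SECRET_KEY) -> str:
    """Issue a token with the claims listed under Token Structure."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": JWT_ALGORITHM, "typ": "JWT"}
    payload = {
        "user_id": user_id,
        "email": email,
        "iat": now,
        "exp": now + JWT_EXPIRATION_MINUTES * 60,
    }
    enc = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())
    signing_input = f"{enc(header)}.{enc(payload)}"
    return f"{signing_input}.{_b64url_encode(_sign(signing_input, secret))}"


def validate_token(token: str, now=None, secret: str = JWT_SECRET_KEY) -> dict:
    """Return the verified payload or raise AuthError with the documented detail."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad JSON and a wrong number of segments
        raise AuthError("Could not validate credentials")
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise AuthError("Could not validate credentials")
    # Pin the algorithm to the configured one; the token header never decides
    # how it is verified (this is what rejects "alg": "none" and RS/HS confusion).
    if header.get("alg") != JWT_ALGORITHM:
        raise AuthError("Could not validate credentials")
    expected = _sign(f"{header_b64}.{payload_b64}", secret)
    if not hmac.compare_digest(expected, signature):
        raise AuthError("Could not validate credentials")
    if any(claim not in payload for claim in REQUIRED_CLAIMS):
        raise AuthError("Could not validate credentials")
    if not isinstance(payload["exp"], int) or not isinstance(payload["iat"], int):
        raise AuthError("Could not validate credentials")
    now = int(time.time()) if now is None else int(now)
    # Only a token that passed the signature check can produce the expiry message
    if now >= payload["exp"]:
        raise AuthError("Token has expired")
    return payload


def authenticate(token: str, now=None, secret: str = JWT_SECRET_KEY):
    """Constructed helper: (status_code, body) as the API would answer."""
    try:
        return 200, validate_token(token, now=now, secret=secret)
    except AuthError as err:
        return err.status_code, {"detail": err.detail}


if __name__ == "__main__":
    tok = create_token("user-123", "user@example.test")
    print(authenticate(tok))
    print(authenticate(tok[:-2] + "xx"))  # tampered signature -> 401
```

Checking order matters: the signature is verified before the expiry claim is read, so an unsigned or tampered token always gets "Could not validate credentials" and never leaks whether its claimed exp has passed. The example applies no clock leeway; if the services run on hosts with drifting clocks, a few seconds of tolerance on exp is the usual addition.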