Authentication
Overview
The Evaluate API uses JWT (JSON Web Token) authentication to secure all endpoints. You must include a valid JWT token in the Authorization header for all API requests.
Getting a JWT Token
Using the Provided Script
cd /Users/ericngo/Desktop/projects/dudu/evaluate
python get_jwt_token.py
This will generate a JWT token that you can use for API requests.
Manual Token Generation
If you need to generate tokens manually, you can use the shared authentication module:
from shared.auth import generate_jwt_token
# Generate token for user
token = generate_jwt_token(user_id="your_user_id")
Using the Token
Include the JWT token in the Authorization header:
curl -X POST "http://localhost:5049/api/outcomes/upload" \
-H "Authorization: Bearer <your-jwt-token>" \
-H "Content-Type: application/json" \
-d '{"decision_id": "...", "customer_id": "...", "outcome": "..."}'
Token Security
- Keep your JWT tokens secure and never expose them in client-side code
- Tokens have an expiration time (default: 30 minutes)
- Use HTTPS in production to protect token transmission
- Implement proper token refresh mechanisms for production applications
Troubleshooting
401 Unauthorized
- Check that your token is not expired
- Verify the token is correctly formatted in the Authorization header
- Ensure you're using the correct authentication service
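The first two checks in this list can be run locally before retrying a request. The helper below is an added example, not part of the Evaluate code base: it assumes the token is a standard three-segment JWT carrying a numeric `exp` claim, and `diagnose_authorization`, `decode_segment` and `make_sample_token` are hypothetical names.

```python
import base64
import json
import time


def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) to a Python value."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def make_sample_token(exp):
    """Build a constructed, unsigned sample token; 'sub' and 'exp' are assumed claims."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}),
                     enc({"sub": "your_user_id", "exp": exp}),
                     "constructed-signature"])


def diagnose_authorization(header_value, now=None):
    """List client-side problems with an Authorization header value.

    The signature is not verified, so this is a diagnostic only and never a
    substitute for the server's validation.
    """
    now = time.time() if now is None else now
    scheme, _, token = header_value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return ["header value must be 'Bearer <token>'"]
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return ["token must have three non-empty dot-separated segments"]
    try:
        payload = decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["payload segment is not base64url-encoded JSON"]
    if not isinstance(payload, dict):
        return ["payload is not a JSON object"]
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)):
        return ["payload has no numeric 'exp' claim"]
    if exp <= now:
        return [f"token expired {int(now - exp)} seconds ago"]
    return []
```

Pass the exact value sent after `Authorization:`; an empty list means the header is well formed and unexpired, so a remaining 401 points at the signing key or the authentication service rather than the request format.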
403 Forbidden
- Verify your user has the required permissions
- Check that the token is valid for the requested resource
Shared Authentication
Both Recommend and Evaluate services use the same authentication system, allowing you to use the same JWT token across both APIs for seamless integration.