
This endpoint allows trusted apps to authenticate users into the Orbit app using a secure POST request containing organization, account, and user details. The Orbit app will validate the request, create any new users/orgs/accounts as needed, and return a signed JWT token for the session.

Supported Hierarchy:

  • BusinessUnit
    • Organization (e.g., Gym 1, Gym 2)
      • Account (e.g., Club 1, Club 2)
        • User (e.g., Manager, Trainer)

Only users scoped to the Organization level and below may be authenticated through this endpoint. buadmin users are not supported via JWT and must log in through the Orbit app UI directly.

Required Fields:

The request must include:

  • platform (provided by Orbit)
  • org_id, account_id, user_id (all unique, external identifiers)
  • email, name, and roles

Authentication & Security:

  • Requests must include a valid x-api-key header assigned per partner app.
  • JWTs are generated and signed by Orbit, and expire after 1 hour.
  • Requests missing required fields or failing validation will be rejected.
  • All login attempts are logged.
  • Rate limiting: max 10 failed attempts per 10 minutes.

Auto-Creation Logic:

  • Users are uniquely identified by the combination of org_id, account_id, and user_id.
  • If no matching record exists, Orbit will automatically create the user, and their account/org if needed.
  • If the same triple is submitted again, the user will log into the existing account.

Logged Events:

  • JWT logins
  • New org/account/user creation via JWT

This endpoint enables seamless SSO-like access from partner apps, allowing Orbit to act as an extension of your system without user password management.

POST /jwt

Header:

  • x-api-key (<token>, in: header)

Request body:

  • platform (string, format: uuid): Platform UUID provided by Orbit
  • org_id (string): External organization ID
  • account_id (string): External account ID
  • account_name (string, optional): Optional account name
  • user_id (string): External user ID
  • email (string, format: email)
  • name (string)
  • roles (array<string>)

curl -X POST "https://platform.api.csiorbit.com/v1/jwt" \
  -H "Content-Type: application/json" \
  -H "x-api-key: <token>" \
  -d '{
    "platform": "45b4ae05-bbc8-472e-9d10-01e5860c8810",
    "org_id": "3934c1f8-65e2-4679-a102-cc2c1a91d4cc",
    "account_id": "dc558ffd-b136-4f26-8d00-38b53e9dc2e8",
    "user_id": "02b56a12-c348-451d-8b60-9b76e79ba692",
    "email": "johnsmith@example.com",
    "name": "John Smith",
    "roles": [
      "user"
    ]
  }'

Response Body

{
  "token": "eyJhbGciTSLIUzI1NiIsInR5cCI6IkpXVCJ9.Uahu72faWQiOiJjdy0xMjMiLCJhY2NvdW50X2PkIjoiY3ctOOshbiwiYWNjb3VudF9uYW1lIjoiQXRoWGV0aQMgQ2x1YiIsInVzZXJfaWQiOiJjdy0xMDAzIiwiZW1haWwiOi9tYXR0Y2l0ZXN0QG2tYWlsLmNvbSIsIm5hbWUiOiJNYXR0IE1hcnNhbmRpIiwQcm9sZXMiO2sidXNlciJdLCJzdGF0dXMmOiJhY3RpdmUiLCJwbGF0Zm9ybSI6IjUwOTQ2ZGQwLTVkMWQtNDkzYy1iOTUxLTUwMzcyYjAy4DZjNCIsImlhdCI6MTc3Mzg4MKg0NSwiZXhwIjoxNzUzODg1NDQ1fQ.lxTY4V1bzIECbwWjDVGh11f5HvI5dcByFZnRhryGDJE"
}
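
A partner-side helper for the flow documented above, added here as an illustration and not Orbit's own code: it validates the body against the documented fields, builds the POST with the x-api-key header, and sanity-checks the returned token against the 1-hour expiry. The function names and the claim names account_id, user_id, iat and exp are assumptions; the token is decoded without signature verification because the page does not publish a verification key.

```python
import base64, json, re, time, uuid
from urllib.request import Request
JWT_URL = "https://platform.api.csiorbit.com/v1/jwt"  # URL from the page's curl example
REQUIRED = ("platform", "org_id", "account_id", "user_id", "email", "name", "roles")
MAX_LIFETIME = 3600  # page: JWTs expire after 1 hour
SAMPLE = {  # request body from the page's curl example
    "platform": "45b4ae05-bbc8-472e-9d10-01e5860c8810",
    "org_id": "3934c1f8-65e2-4679-a102-cc2c1a91d4cc",
    "account_id": "dc558ffd-b136-4f26-8d00-38b53e9dc2e8",
    "user_id": "02b56a12-c348-451d-8b60-9b76e79ba692",
    "email": "johnsmith@example.com", "name": "John Smith", "roles": ["user"],
}

def validate_payload(p):
    """Return a list of problems; an empty list means the documented fields are present."""
    errors = [f"missing {k}" for k in REQUIRED if not p.get(k)]
    if errors:
        return errors
    try:
        uuid.UUID(p["platform"])
    except (ValueError, AttributeError, TypeError):
        errors.append("platform is not a UUID")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", str(p["email"])):
        errors.append("email is malformed")
    roles = p["roles"]
    if not isinstance(roles, list) or not all(isinstance(r, str) and r for r in roles):
        errors.append("roles must be a list of non-empty strings")
    return errors

def build_request(p, api_key):
    """Build (without sending) the POST; the API key belongs on the partner server only."""
    problems = validate_payload(p)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"Content-Type": "application/json", "x-api-key": api_key}
    return Request(JWT_URL, data=json.dumps(p).encode(), headers=headers, method="POST")

def unverified_claims(token):
    """Decode the JWT payload segment; this does NOT verify Orbit's signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def session_ok(token, sent, now=None):
    """True if the token names the requested user, is unexpired, and lives <= 1 hour."""
    c = unverified_claims(token)  # claim names below are assumptions, not from the page
    now = time.time() if now is None else now
    same_user = all(c.get(k) == sent[k] for k in ("account_id", "user_id"))
    return same_user and now < c.get("exp", 0) <= c.get("iat", 0) + MAX_LIFETIME
```

Pass the object from build_request to urllib.request.urlopen on the partner backend, then run session_ok on the "token" field of the response before handing the session to the user.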