Febasidocs
Reference

Endpoints

The complete public surface of Febasi Auth, grouped by module, with required permissions.

The Auth exposes 42 documented endpoints under /api/v1, organized into six modules. The same OpenAPI 3.1 specification used to render the Swagger UI at https://auth.febasi.com.br/docs powers the Postman collection shipped with the service.

The tables below are a navigational map. For request/response shapes, authentication semantics, and error handling, follow the relevant guide.

Authentication module

MethodPathAuthPermission
POST/loginPublic
POST/refreshPublic
POST/logoutJWT
POST/registerPublic
GET/meJWT
POST/validateJWT
GET/auth-logsJWTauth:logs

See Login flow in depth and Refresh tokens & rotation.

Users module

MethodPathAuthPermission
GET/usersJWT / Keyusers:read
GET/users/:userIdJWT / Keyusers:read
PATCH/users/:userIdJWT / Keyusers:update
DELETE/users/:userIdJWT / Keyusers:delete

PATCH /users/:userId accepts updates to email, username, status, emailVerified, and otpEnabled. Passwords are not changed via this endpoint.

Roles module

MethodPathAuthPermission
GET/rolesJWT / Keyroles:read
GET/roles/:idJWT / Keyroles:read
GET/roles/:id/permissionsJWT / Keyroles:read
POST/rolesJWT / Keyroles:create
PATCH/roles/:idJWT / Keyroles:update
DELETE/roles/:idJWT / Keyroles:delete
POST/roles/assignJWT / Keyroles:assign
POST/roles/removeJWT / Keyroles:revoke
POST/roles/:id/permissionsJWT / Keyroles:update
DELETE/roles/:id/permissionsJWT / Keyroles:update

The hierarchy rule applies to every assign/remove call — see Authorization.

Permissions module

MethodPathAuthPermission
GET/permissionsJWT / Keypermissions:read
GET/permissions/customJWT / Keypermissions:read
POST/permissionsJWT / Keypermissions:create
PATCH/permissions/:idJWT / Keypermissions:update
DELETE/permissions/:idJWT / Keypermissions:delete
POST/permissions/grantJWT / Keypermissions:grant
POST/permissions/revokeJWT / Keypermissions:revoke
GET/permissions/user/:userIdJWT / Keypermissions:read
POST/permissions/checkJWT / Key

POST /permissions/check reads from the database, not the JWT — use it when permission changes need to take effect immediately.

Tenants module

MethodPathAuthPermission
GET/tenantsJWT / Keytenants:read
POST/tenantsJWT / Keytenants:create
GET/tenants/:idJWT / Keytenants:read
GET/tenants/meJWT
PATCH/tenants/:idJWT / Keytenants:update
DELETE/tenants/:idJWT / Keytenants:delete
PATCH/tenants/:id/configJWT / Keytenants:update
GET/tenants/me/configJWT
POST/tenants/me/jwt-secret/generateJWTtenants:update
GET/tenants/me/jwt-secretJWTtenants:read
POST/tenants/me/jwt-secret/setJWTtenants:update
POST/tenants/me/jwt-secret/clearJWTtenants:update
GET/tenants/me/metricsJWT / Keytenants:read
GET/tenants/me/metrics/securityJWT / Keytenants:read
PUT/tenants/:id/databaseJWT / Keytenants:update
GET/tenants/searchJWT / Keytenants:read

The JWT-secret endpoints implement secret rotation with a 7-day overlap.

Client Keys module

MethodPathAuthPermission
GET/client-keys/scopesJWT / Key
GET/client-keys/tenantJWT / Key
GET/client-keysJWT / Keyadmin:*
POST/client-keysJWT / Keyclient-keys:create
GET/client-keys/:idJWT / Keyclient-keys:read
PATCH/client-keys/:idJWT / Keyclient-keys:update
POST/client-keys/:id/revokeJWT / Keyclient-keys:revoke
GET/client-keys/:id/logsJWT / Keyclient-keys:read
GET/client-keys/:id/statsJWT / Keyclient-keys:read

See Client Keys (service-to-service auth).

System endpoints

MethodPathAuthDescription
GET/healthPublicDatabase and routing-pool status.
GET/docsPublicInteractive Swagger UI for the OpenAPI 3.1 spec.

Client Keys (service-to-service auth)

Long-lived API keys with scoped permissions and full usage logs — the right tool for backend integrations.

Errors

The error envelope, every error code Febasi Auth returns, and what each one means in practice.

On this page

Authentication moduleUsers moduleRoles modulePermissions moduleTenants moduleClient Keys moduleSystem endpoints