Authentication
The VibeMobi Favorite Number Management API uses OAuth2 Bearer token authentication. Before using most API endpoints, you need to authenticate and obtain a Bearer token.
Generate Bearer Token
Endpoint
Request Body
The request must be sent as application/x-www-form-urlencoded:
| Parameter | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | The username for authentication |
| password | string | Yes | The password for authentication |
| grant_type | string | No | OAuth2 grant type (default: "password") |
| scope | string | No | OAuth2 scope (default: "") |
| client_id | string | No | OAuth2 client ID |
| client_secret | string | No | OAuth2 client secret |
Example Request
curl -X POST https://fav3.vibemobi.com/v1/login/access-token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=your_username&password=your_password"
Response Examples
Successful Response
A successful authentication will return a JSON object containing the access token and token type:
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "token_type": "bearer"
}
Invalid Credentials
If the provided credentials are incorrect, you will receive a validation error:
{
  "detail": [
    {
      "loc": ["body", "username"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}
Test Token
You can test if your access token is valid using the test token endpoint.
Endpoint
Authentication
This endpoint requires authentication. Include the Bearer token in the Authorization header:
Example Request
curl -X POST https://fav3.vibemobi.com/v1/login/test-token \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
Returns the current user information if the token is valid:
{
  "username": "john_doe",
  "email": "john@example.com",
  "is_active": true,
  "is_superuser": false,
  "is_staff": false,
  "full_name": "John Doe",
  "id": "123e4567-e89b-12d3-a456-426614174000"
}
Password Recovery
Initiate Password Recovery
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
|  | string | Yes | Email address for password recovery |
Example Request
Response
Reset Password
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | Yes | Password reset token from email |
| new_password | string | Yes | New password (8-40 characters) |
Example Request
curl -X POST https://fav3.vibemobi.com/v1/reset-password/ \
  -H "Content-Type: application/json" \
  -d '{
    "token": "reset_token_from_email",
    "new_password": "new_secure_password"
  }'
Response
Using the Token
Once you have obtained the access token, you must include it in the Authorization header of all subsequent API requests:
Example
curl -X GET https://fav3.vibemobi.com/v1/users/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json"
Token Expiration
The access token has a limited validity period. If your token expires, you will receive a 401 Unauthorized response. In this case, you need to generate a new token by authenticating again.
Example Expired Token Response
Security Best Practices
Security Guidelines
- Keep your access token secure and do not share it
- The token provides access to perform operations on behalf of your account
- Store tokens securely and never expose them in client-side code
- Implement proper token refresh mechanisms in your applications
- Use HTTPS for all API communications
- Rotate passwords regularly and use strong passwords
Token Storage
Access tokens should be stored securely in your application. Consider using:
- Secure HTTP-only cookies for web applications
- Encrypted storage for mobile applications
- Environment variables or secure vaults for server applications
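The token expiration handling and the server-side storage guidance above, as an added Python example (not VibeMobi's own code): credentials are read from environment variables, the token is held in memory only, and a 401 triggers one re-authentication and retry. The variable names `VIBEMOBI_USERNAME` and `VIBEMOBI_PASSWORD`, the class `ApiSession` and the injectable `send` transport are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://fav3.vibemobi.com/v1"  # base URL taken from the examples on this page


def http_send(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None  # error bodies are dropped so they never reach logs


class ApiSession:
    """Keeps the bearer token in memory only; re-authenticates once on 401."""

    def __init__(self, username, password, send=http_send):
        self._creds = {"username": username, "password": password}
        self._send = send
        self._token = None

    def login(self):
        body = urllib.parse.urlencode(self._creds).encode()
        status, data = self._send(
            "POST", BASE_URL + "/login/access-token",
            {"Content-Type": "application/x-www-form-urlencoded"}, body)
        if not isinstance(data, dict) or "access_token" not in data:
            raise PermissionError(f"login failed with HTTP {status}")
        self._token = data["access_token"]

    def get(self, path):
        if self._token is None:
            self.login()
        for attempt in range(2):
            status, data = self._send(
                "GET", BASE_URL + path, {"Authorization": "Bearer " + self._token})
            if status != 401 or attempt == 1:
                return status, data
            self.login()  # token expired: authenticate again, then retry once


def session_from_env():
    # Assumed variable names; set them outside the code base (vault, service config).
    return ApiSession(os.environ["VIBEMOBI_USERNAME"], os.environ["VIBEMOBI_PASSWORD"])
```

Capping the retry at one attempt means bad credentials produce a single extra login call rather than a loop of failed authentications.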