Authentication API

The Authentication API provides secure authentication and authorization for the hotel management platform, supporting both hotel staff and guest authentication flows.

Overview

The Authentication API handles:

  • Multi-tenant Authentication - Organization-aware authentication and user management
  • Hotel Staff Authentication - Login, logout, and session management for hotel staff
  • Guest Authentication - Booking-based authentication for guest services
  • Token Management - JWT token generation, validation, and refresh
  • Role-based Access Control - Comprehensive RBAC system with permissions
  • Session Management - Active session monitoring and control
  • Multi-Factor Authentication - Two-factor authentication setup and management
  • User Invitations - Staff invitation and registration workflows

Key Features

Security

  • JWT tokens with secure expiration and refresh
  • Multi-factor authentication (MFA) support
  • Password policies and security enforcement
  • Session monitoring and management
  • Audit logging for security events

Multi-Tenant Architecture

  • Organization-scoped authentication
  • Tenant isolation validation
  • Cross-tenant access prevention
  • Super admin organization switching

User Management

  • User profile management
  • Role and permission assignment
  • User invitation workflows
  • Account status management

Authentication Methods

Staff Authentication

  • Email/password authentication with organization context
  • JWT tokens with refresh capability
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) support
  • Session management across devices

Guest Authentication

  • Booking reference validation
  • Session-based authentication
  • Temporary access tokens
  • Privacy-focused authentication

Organization Management

  • Multi-tenant organization support
  • Organization switching for super admins
  • Subscription-based access control
  • Organization-specific settings and policies