Passwordless Authentication

This app uses passwordless authentication. Advantage of this approach is no need to use any user passwords. This guide will show you the authentication flow.

Obtain a Callback Token

The first step is to obtain a callback token. Callback token is later replaced for the long-lived token. Use following command to obtain it:

curl -X POST -d ""

Command above will trigger email sending to the address provided.


Local development server does not send real e-mails. Instead e-mail HTML is printed to standard output. Search for login code there.


Authentication library currently uses only 6-digit callback tokens.

Obtain an Authorization Token

Callback token is short lived (15 minutes) and should be exchanged for authorization token:

curl -X POST -d ""

# returns token


This is a moment when user registration took place. User e-mail is connected with given token in database.

Using the Authorization Token

Most of API calls are private, sometimes limited only to the owner user. Provide obtained authorization token to get access to such resource:

curl -i -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Token 89ae6b76a9ec140a16ff369ef2f16e77f9b2919b" \