Authentication

Lana uses JSON Web Tokens (JWT) for authentication.

The authentication process uses a hybrid state model. Client-side state is stored in the JWT itself, including session information, expiration date, and other utility information. The system keeps another portion of the state server-side, enabling specific actions to occur without requiring JWT token invalidation. For example, a staff member's privileges can be altered or suspended with immediate effect, regardless of the validity of their JWT.

API calls such as usersCreate and authLogin return JWT tokens.

To execute authenticated API requests, include the JWT as part of the Authorization HTTP header value.