> ## Documentation Index
> Fetch the complete documentation index at: https://docs.laportenard.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> JWT-based authentication for the POS API.

All API endpoints require JWT Bearer token authentication.

## Login

<Card>
  **POST** `/pos-api/v1/auth/login`
</Card>

Returns an access token and a refresh token.

### Request

```json theme={null}
{
  "login": "user@example.com",
  "password": "secret"
}
```

### Response

```json theme={null}
{
  "access_token": "eyJ...",
  "refresh_token": "eyJ...",
  "user": {
    "id": 1,
    "name": "John Doe",
    "role": "manager"
  }
}
```

## Using tokens

Include the access token in all subsequent requests:

```bash theme={null}
curl -X POST https://your-server/pos-api/v1/bootstrap \
  -H "Authorization: Bearer <access_token>" \
  -H "X-Device-Id: terminal-001" \
  -H "X-App-Version: 1.2.0+42" \
  -H "Content-Type: application/json"
```

### Required headers

| Header          | Description                        |
| --------------- | ---------------------------------- |
| `Authorization` | `Bearer <access_token>`            |
| `X-Device-Id`   | Unique identifier for the terminal |
| `X-App-Version` | Client app version string          |

## Minimum client version

The server enforces a minimum client version via the `nu_pos.min_client_version` system parameter. Clients below the required version receive a `CLIENT_OUTDATED` error response.
