Authentication
The Batchmates API uses two authentication methods depending on your use case: JWT tokens for mobile/stateless clients and session-based authentication for web admin interfaces.
JWT Authentication (Mobile)
JWT tokens are used for mobile applications and stateless API clients.
Login
- email (string): User email address
- password (string): User password
Request
POST /v1/mobile/auth/login
curl https://batchmates-v2.revlv.com/api/v1/mobile/auth/login \
  -d email="donor@example.com" \
  -d password="password"
Response
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "def502..."
}
Using the Token
Include the JWT token in the Authorization header:
curl https://batchmates-v2.revlv.com/api/v1/campaigns \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc..."
Refresh Token
Tokens expire after 1 hour. Use the refresh token to get a new access token.
Request
POST /v1/mobile/auth/refresh
curl https://batchmates-v2.revlv.com/api/v1/mobile/auth/refresh \
  -H "Authorization: Bearer {refresh_token}"
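The login, token use and refresh steps above as a client-side token manager that refreshes shortly before `expires_in` runs out and keeps token values out of `repr()` output. This is an added example, not Batchmates code. It assumes the refresh endpoint returns the same JSON shape as login (the page does not show that response); `TokenManager`, `post`, `SKEW` and `demo` are hypothetical names.

```python
import time

BASE = "https://batchmates-v2.revlv.com/api/v1"  # base URL from the page
SKEW = 60  # assumption: refresh this many seconds before expiry

class TokenManager:
    """Caches the access token; refreshes shortly before expires_in elapses.
    `post(url, data=None, headers=None) -> dict` is a hypothetical transport."""

    def __init__(self, post, clock=time.monotonic):
        self._post, self._clock = post, clock
        self._access, self._refresh, self._expires_at = None, None, 0.0

    def _store(self, body):
        if body.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self._access = body["access_token"]
        # Assumption: keep the old refresh token if no new one is returned.
        self._refresh = body.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + int(body["expires_in"])

    def login(self, email, password):
        self._store(self._post(f"{BASE}/mobile/auth/login",
                               data={"email": email, "password": password}))

    def auth_header(self):
        if self._access is None:
            raise RuntimeError("call login() first")
        if self._clock() >= self._expires_at - SKEW:
            self._store(self._post(f"{BASE}/mobile/auth/refresh",
                        headers={"Authorization": f"Bearer {self._refresh}"}))
        return {"Authorization": f"Bearer {self._access}"}

    def __repr__(self):  # keep token values out of logs and tracebacks
        return f"<TokenManager authenticated={self._access is not None}>"

def demo():
    """Constructed fake server and clock; no network access."""
    now, calls = [0.0], []
    def fake_post(url, data=None, headers=None):
        calls.append((url.rsplit("/", 1)[-1], (headers or {}).get("Authorization")))
        n = len(calls)
        return {"access_token": f"access-{n}", "token_type": "bearer",
                "expires_in": 3600, "refresh_token": f"refresh-{n}"}
    tm = TokenManager(fake_post, clock=lambda: now[0])
    tm.login("donor@example.com", "password")
    first = tm.auth_header()
    now[0] = 3550.0  # inside the SKEW window before the 3600 s expiry
    return calls, first, tm.auth_header(), repr(tm)
```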
Session Authentication (Web)
Session-based authentication is used for browser-based admin interfaces.
Login
Establishes a session cookie for subsequent requests.
Request
POST /v1/web/auth/login
curl https://batchmates-v2.revlv.com/api/v1/web/auth/login \
  -d email="admin@institution.edu" \
  -d password="password" \
  -c cookies.txt
Using Sessions
curl https://batchmates-v2.revlv.com/api/v1/campaigns \
  -b cookies.txt
Role-Based Access
Batchmates uses role-based permissions:
- system_admin - Full system access
- institution_admin - Manage institution campaigns and users
- committee_member - Approve campaigns, manage withdrawals
- donor - Create donations, view campaigns