Authentication

The Safiri APIs uses JWT (JSON Web Tokens) for authentication.

Obtaining a Token

Endpoint: POST /api/logon

Request Body:

{
  "countryCode": "255",
  "phoneNumber": "743389051",
  "password": "your_password"
}

// or

{
  "email": "user@example.com",
  "password": "your_password"
}

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "uuid": "user-uuid",
    "email": "user@example.com",
    "fullName": "John Doe",
    "permissionLevel": 222
  }
}

Using the Token

Include the JWT token in the Authorization header for all protected endpoints:

curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  https://api.safiri.app/api/flight/search

Token Expiration

Currently, issued tokens do not expire, so you do not need to handle token refresh at this time.

tip

You can continue using this authentication method for now, but please note that it will be deprecated in the future in favor of JWK-based JWT authentication. See the JWK Authentication guide for more details.

Advanced: JWK Authentication

For third-party integrators who need to verify tokens or implement secure authentication flows, see our comprehensive guide on JWK Authentication.

This guide covers:

How JSON Web Key Sets (JWKS) work
Fetching and caching public keys
Code examples in Node.js, Python, PHP, and Java
Security best practices

Obtaining a Token​

Login Endpoint​

Using the Token​

Token Expiration​

Advanced: JWK Authentication​

Obtaining a Token

Login Endpoint

Using the Token

Token Expiration

Advanced: JWK Authentication