Skip to main content
InteraOne uses separate authentication contexts for operators, widget visitors, and the internal AI service.

Operator JWTs

Access and refresh tokens are signed with different secrets. Their payload includes user ID, email, active organization ID, and token type. The gateway does not trust the role from the token: authentication reloads the accepted membership and derives the current organization role.

Signup and login

1

Initiate signup

Send name and email to /auth/initiate-signup. The gateway rate-limits the request and sends an email-verification challenge.
2

Verify the code

Send email, six-character code, and type: email_verification to /auth/verify-otp when the UI flow requires explicit verification.
3

Complete signup

Send email, organizationName, a password of at least eight characters, and optional domain to /auth/complete-signup.

Select an organization

Switching verifies the membership and returns fresh tokens whose active organization ID matches the selection.

Refresh

Store refresh tokens in a secure, non-script-readable location where your application architecture permits. Rotate tokens after refresh if the response provides a replacement and discard them on logout.

Other authentication contexts

The widget exchanges public configuration/visitor context for a short-lived token whose JWT type is widget_session. Widget middleware rejects operator tokens and scopes the resulting connection.
Internal tool endpoints use x-ai-tool-secret. The header is only for trusted service-to-service calls on a private network.
Email, Twilio, Telegram, and billing callbacks use provider-specific verification and rate limits rather than operator JWTs.
Replace the example JWT and internal secrets before deployment. Never expose access tokens in URLs; although authentication contains a query-token compatibility path, URLs are commonly logged by proxies and browsers.
Last modified on July 17, 2026