Skip to main content
This guide walks you through logging in, obtaining a JWT token, and calling a protected endpoint. You need curl and a running instance of WebCorporativa API.
1

Log in to get a token

Send a POST request to /api/Auth with your username, password, and a valid Cloudflare Turnstile captcha token.
curl --request POST \
  --url https://<your-api-host>/api/Auth \
  --header 'Content-Type: application/json' \
  --data '{
    "UserName": "admin",
    "Password": "Admin123456!",
    "CaptchaToken": "<turnstile-response-token>"
  }'
The captchaToken field must contain a valid token generated by the Cloudflare Turnstile widget on your login page. During local development you can use the Turnstile test secret key, which accepts any token value. See the Cloudflare Turnstile testing docs for test keys.
A successful response returns a JSON object containing your JWT token:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
2

Copy the JWT token

Copy the value of the token field from the response. You will include this in the Authorization header of every subsequent request.Tokens expire after 30 minutes. When a request returns 401 Unauthorized, repeat step 1 to obtain a new token.
Store the token in an environment variable so you can reuse it across requests without pasting it repeatedly:
TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
3

Call a protected endpoint

Use the token to call GET /api/Usuario/mi-perfil, which returns the profile and permissions for the authenticated user.
curl --request GET \
  --url https://<your-api-host>/api/Usuario/mi-perfil \
  --header "Authorization: Bearer $TOKEN"
4

Interpret the response

A successful response contains the authenticated user’s details and their assigned profile:
{
  "exito": true,
  "data": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "userName": "admin",
    "nombrePerfil": "Administrador Master",
    "imagen": "https://res.cloudinary.com/example/image/upload/v1/usuarios/admin.jpg",
    "activo": true
  }
}
FieldDescription
exitotrue when the request succeeds.
data.idThe user’s unique identifier (GUID).
data.userNameThe user’s login username.
data.nombrePerfilThe display name of the assigned profile.
data.imagenCloudinary URL for the user’s avatar. null if no avatar has been uploaded.
data.activoWhether the account is currently active.
If you receive 401 Unauthorized, your token has expired or is malformed. Repeat step 1 to get a new token.

What’s next

Authentication overview

Learn how token expiration, captcha validation, and user registration work.

Profiles and permissions

Understand how profiles and per-module permissions are structured.

Dynamic menu

Use GET /api/Menu to drive navigation from server-side permissions.

API Reference

Full request and response details for every endpoint.

Build docs developers (and LLMs) love

Get started for freeTalk to us