The login endpoint is powered by djangorestframework-simplejwt’s built-in TokenObtainPairView. Providing a valid username and password returns two signed JSON Web Tokens: a short-lived access token that authorises individual API requests, and a long-lived refresh token that lets the client silently obtain new access tokens without asking the user to re-enter their credentials. The access token expires after 15 minutes and the refresh token after 30 days. All protected endpoints in this API expect the access token to be passed in the Authorization header as a Bearer token. No prior authentication is needed to call this endpoint itself.

Endpoint

Method: POST
Path: /api/user/token/
Auth required: No
Content-Type: application/json

Token lifetimes

| Token | Lifetime | Purpose |
|---|---|---|
| access | 15 minutes | Authorise individual API requests via Authorization: Bearer <token> |
| refresh | 30 days | Obtain a new access token via Refresh Token without re-login |

Request Body

username (string, required): The username supplied during registration.

password (string, required): The account password. The value is compared against the stored hash — it is never echoed back in any response.

Responses

200 OK

Returned when credentials are valid. The response contains both tokens.
access (string): A signed JWT access token. Valid for 15 minutes from the time of issue. Include this value in the Authorization: Bearer <access> header on every protected request.

refresh (string): A signed JWT refresh token. Valid for 30 days from the time of issue. Store this securely and use it to obtain a new access token when the current one expires — see Refresh Token.

200 OK
{
  "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzA5MDAwMDAwLCJpYXQiOjE3MDkwMDAwMDAsImp0aSI6ImFiY2QxMjM0IiwidXNlcl9pZCI6MX0.signature",
  "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTcxMTU5MjAwMCwiaWF0IjoxNzA5MDAwMDAwLCJqdGkiOiJ4eXo5ODc2IiwidXNlcl9pZCI6MX0.signature"
}

401 Unauthorized

Returned when the username does not exist or the password is incorrect. simplejwt does not distinguish between the two cases to prevent username enumeration.
401 Unauthorized
{
  "detail": "No active account found with the given credentials"
}
Storing tokens securely in React Native — never persist JWTs in AsyncStorage (plain-text). Use expo-secure-store (SecureStore.setItemAsync) to store both the access token and the refresh token in the device’s encrypted keychain. Retrieve them with SecureStore.getItemAsync before making API calls.

Examples

curl --request POST \
  --url http://localhost:8000/api/user/token/ \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "jane_doe",
    "password": "secureP@ssw0rd"
  }'

Using the access token

Once you have the access token, attach it to every subsequent protected request in the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
When the access token expires after 15 minutes, use the Refresh Token endpoint to obtain a new one without requiring the user to log in again.
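
The check below is an added example, not code from this project: before attaching a stored token as described above, a client can read its exp and token_type claims to decide whether to send it, refresh first, or reject it. It assumes global atob/btoa (Node 16+ or a recent React Native runtime), a 30-second skew margin chosen here, and constructed unsigned sample tokens; all function names are hypothetical.

```javascript
// Added example, not part of the API's code base.
const SKEW_SECONDS = 30; // assumption: treat tokens as expired slightly early

// Decode a JWT payload WITHOUT verifying the signature (the client has no
// signing key). Use the claims for scheduling only, never for trust decisions.
function decodeJwtPayload(token) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const claims = JSON.parse(atob(b64));
    return claims !== null && typeof claims === "object" ? claims : null;
  } catch (err) {
    return null; // bad base64 or bad JSON
  }
}

// Classify a stored token before attaching it to a request.
function accessTokenState(token, nowSeconds) {
  const claims = decodeJwtPayload(token);
  if (!claims || typeof claims.exp !== "number") return "malformed";
  // simplejwt labels tokens via the token_type claim; the 30-day refresh
  // token must never be sent as a Bearer credential.
  if (claims.token_type !== "access") return "wrong_type";
  return claims.exp - SKEW_SECONDS > nowSeconds ? "valid" : "expired";
}

// Header object for a protected request, or null when the caller must
// refresh (or log in again) first.
function bearerHeader(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  return accessTokenState(token, nowSeconds) === "valid"
    ? { Authorization: `Bearer ${token}` }
    : null;
}

// Constructed, unsigned sample tokens with the lifetimes documented above.
function makeSample(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.signature`;
}
const ISSUED = 1709000000;
const SAMPLE_ACCESS = makeSample({ token_type: "access", iat: ISSUED, exp: ISSUED + 15 * 60, user_id: 1 });
const SAMPLE_REFRESH = makeSample({ token_type: "refresh", iat: ISSUED, exp: ISSUED + 30 * 86400, user_id: 1 });
```

A null result from bearerHeader is the cue to call the Refresh Token endpoint; the server still makes the authoritative decision on every request.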
