Skip to main content


Amani REST API uses JSON Web Token authentication. There are two types of tokens used in the Amani system:

  • User token: Token obtained by logging in to the system. With the user token, users can perform all actions within their permission groups.

  • Profile token: Token obtained by creating a profile. With the profile token, users can only perform actions related to that profile.


On server side you must first login with your credentials and get a user token for next steps. This token should be used only on server side requests and not used on Web SDK link.

curl '<base_url>/api/v2/user/login' \
-H 'Content-Type: application/json' \
--data '{
"username": "",
"password": "password"

Response includes the user information, refresh token and access token you can use for the rest of the API requests.

"id": "user uuid",
"username": "username",
"first_name": "first name",
"last_name": "last name",
"phone": "phone number",
"refresh": "refresh token",
"access": "access token",
"groups": [
// permission group of the user
"company_id": "company uuid",
"permissions": [
// list of permissions user have

Refresh Token

You can refresh your user or profile token.

curl '<base_url>/api/v2/token/refresh/' \
-H 'Content-Type: application/json' \
--data '{
"refresh": "<profile_refresh_token>/<user_refresh_token>"


"access": "<new_profile_token>/<new_user_token>"