
Authentication Overview

Learn how to authenticate with the Glass Next API using JWT bearer tokens.

What this means in plain English

Before you can access most of the Vendor API, you need to prove who you are. Think of it like showing your ID at a building entrance — the API checks your credentials and gives you a temporary pass (a bearer token) that you show on every subsequent request.

Why authentication matters

The Glass Next API protects sensitive business data: your products, orders, customer information, and store settings. Authentication ensures that only authorized users and integrations can access this data.

How Glass authentication works

Glass uses JWT bearer tokens — an industry-standard approach used by Stripe, Supabase, and many modern APIs.

Here's the flow in simple terms:

  1. You log in via POST /api/v1/auth/login with your email and password.
  2. The API returns a token — a long encrypted string called an access_token, plus your user profile. If you have an active vendor membership, vendor details are included too.
  3. You include that token in every protected request using the Authorization header.
  4. The token expires after 7 days, and you log in again to get a new one.

Unified login

One REST endpoint handles all user types — platform admins, vendor team members, and buyers. You do not need separate login calls for different roles.

No API keys (for now)

The current G-Next API uses email/password login with JWT bearer tokens. API key authentication is not yet available. All examples in this documentation use the bearer token flow.

What you'll need

Requirement      Description
Glass account    An active account on the Glass Next platform
Verified email   Your account must be verified before you can log in
HTTPS            Production requests must use HTTPS
storefrontId     Required only for storefront-restricted buyer accounts without an active vendor membership

Authentication methods

Bearer token (primary)

After logging in, include your token in every request:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

This is the only authentication method currently supported.

Response shape

A successful login returns:

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "user": { "id": "...", "email": "...", "role": "USER", "verified": true, "status": "ACTIVE" },
  "vendor": { "id": "...", "name": "...", "slug": "...", "status": "ACTIVE" }
}

The vendor field is null when the user has no active vendor membership (e.g. buyers and platform admins).
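An added example (not part of the Glass documentation or its SDK) of how a client can handle the login response shown above: it tolerates a null vendor, refuses to send the token over plain HTTP, and forces a new login once the token is stale. The header segment shown on this page decodes to {"alg": "HS256", "typ": "JWT"}, so the token's header and payload are base64url JSON that anyone holding the token can read. Assumptions: the payload may carry a standard exp claim (otherwise the 7-day lifetime is used), and the host name, ids and signature below are constructed sample values.

```python
import base64, json, time
from urllib.parse import urlsplit

TOKEN_LIFETIME_S = 7 * 24 * 3600  # from the page: tokens expire after 7 days
PAGE_HEADER = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"  # header segment shown on the page

def decode_segment(segment):
    """Decode one base64url JWT segment to a dict. No key needed, no signature check."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def parse_login(body, now):
    """Turn a login response into a session dict; `now` is epoch seconds."""
    token = body["access_token"]
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("access_token is not a three-segment JWT")
    # Assumption: the payload may carry a standard `exp` claim. It is read only to
    # schedule re-login; the server remains the authority on token validity.
    exp = decode_segment(parts[1]).get("exp")
    expires_at = exp if isinstance(exp, (int, float)) else now + TOKEN_LIFETIME_S
    vendor = body.get("vendor")  # null for buyers and platform admins
    return {"token": token, "expires_at": expires_at,
            "vendor_id": vendor["id"] if vendor else None}

def auth_headers(session, url, now, skew=60):
    """Build the Authorization header, refusing plaintext URLs and stale tokens."""
    if urlsplit(url).scheme != "https":
        raise ValueError("bearer token must only be sent over HTTPS")
    if now >= session["expires_at"] - skew:
        raise PermissionError("token expired or about to expire: log in again")
    return {"Authorization": "Bearer " + session["token"]}

def sample_login_response(exp, vendor=None):
    """Constructed sample data: placeholder signature, made-up ids."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": "u_1", "exp": exp}).encode())
    token = ".".join([PAGE_HEADER, payload.rstrip(b"=").decode(), "c2lnbmF0dXJl"])
    return {"access_token": token, "vendor": vendor,
            "user": {"id": "u_1", "email": "a@example.com", "role": "USER",
                     "verified": True, "status": "ACTIVE"}}

if __name__ == "__main__":
    now = int(time.time())
    s = parse_login(sample_login_response(now + TOKEN_LIFETIME_S), now)
    print(decode_segment(PAGE_HEADER), s["vendor_id"])
    # api.example.com is a hypothetical host used only for this demonstration
    print(auth_headers(s, "https://api.example.com/", now))
```

The decoded payload is unverified input on the client side, so it is used here only to decide when to log in again, never to make access decisions.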

Getting started

  1. POST /auth/login — Login endpoint reference