Authentication

Looping Binary supports multiple authentication methods including JWT tokens, API keys, and OAuth 2.0 providers.

Security Best Practices

  • Never expose API keys in client-side code
  • Always use HTTPS for API requests
  • Store tokens securely (httpOnly cookies recommended)
  • Implement token refresh logic for long-lived sessions

JWT Token Authentication

JSON Web Tokens (JWT) are used for user authentication after login. Tokens expire after 7 days by default.

Login Flow

POST /api/auth/login
fetch('https://api.loopingbinary.com/api/auth/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'password123'
  })
})

Using JWT Token

Include the token in the Authorization header for authenticated requests:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

API Key Authentication

API keys are used for server-to-server communication and admin operations. Generate keys from your dashboard.

API Key Permissions

  • Read: View users, balances, and transactions
  • Write: Create users and transfer coins
  • Admin: Mint/burn coins, delete users, manage treasuries

Using API Keys

x-api-key: your_api_key_here

OAuth 2.0 Integration

LoopingBinary provides "Sign in with LoopingBinary" OAuth for seamless authentication across all connected platforms. This allows users to sign in with their LoopingBinary account on any integrated platform.

Benefits of LoopingBinary OAuth

  • Single sign-on across all connected platforms
  • Automatic wallet and profile synchronization
  • No need for separate registration on each platform
  • Secure token-based authentication
  • Instant access to user's LBC coin balance

OAuth Flow

  1. User clicks "Sign in with LoopingBinary" on your platform
  2. User is redirected to LoopingBinary authorization page
  3. User authenticates with their LoopingBinary credentials
  4. User authorizes your application
  5. LoopingBinary redirects back with authorization code
  6. Your backend exchanges code for access token
  7. User is logged in with full profile and wallet access

For detailed OAuth integration instructions, see the OAuth Guide.

Token Refresh

JWT tokens expire after 7 days. Implement token refresh logic to maintain user sessions:

Token Refresh Logic
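// Check if token is expired (reads the exp claim only; the signature is not verified here)
const isTokenExpired = (token) => {
  // JWT segments are base64url-encoded; map to standard base64 before atob()
  const b64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(atob(b64));
  return Date.now() >= payload.exp * 1000;
};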

// Refresh token if needed
if (isTokenExpired(currentToken)) {
  // Re-authenticate user
  await login(email, password);
}

Error Handling

Common authentication errors and their meanings:

Status Code | Error             | Description
401         | Unauthorized      | Invalid credentials or expired token
403         | Forbidden         | Insufficient permissions for this action
429         | Too Many Requests | Rate limit exceeded, try again later
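
The token expiry check and the error codes above can be combined into one client-side session policy. The following is an added example, not code from LoopingBinary: it handles malformed tokens and a missing exp claim, and maps 401/403/429 to an action. The function names, the one-day refresh window and the use of a Retry-After value are assumptions.

```javascript
// Added example, not LoopingBinary code. It reads claims only and does NOT verify
// the signature, so the server remains the authority on whether a token is valid.
const REFRESH_WINDOW_MS = 24 * 60 * 60 * 1000; // assumption: renew during the last day

// Decode the base64url payload segment of a JWT; returns null instead of throwing.
function decodePayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
    const payload = JSON.parse(new TextDecoder().decode(bytes));
    return payload && typeof payload === 'object' ? payload : null;
  } catch {
    return null;
  }
}

// Returns 'malformed', 'expired', 'refresh' (close to expiry) or 'valid'.
function tokenState(token, nowMs = Date.now()) {
  const payload = decodePayload(token);
  if (!payload || !Number.isFinite(payload.exp)) return 'malformed';
  const msLeft = payload.exp * 1000 - nowMs;
  if (msLeft <= 0) return 'expired';
  return msLeft <= REFRESH_WINDOW_MS ? 'refresh' : 'valid';
}

// Map the status codes from the error table to a client action.
function actionForStatus(status, attempt = 0, retryAfterSec) {
  if (status === 401) return { action: 'reauthenticate' }; // drop the token, log in again
  if (status === 403) return { action: 'fail' }; // retrying cannot add permissions
  if (status === 429) {
    // Assumption: the server may send Retry-After; otherwise back off, capped at 60 s.
    const waitMs = Number.isFinite(retryAfterSec)
      ? retryAfterSec * 1000
      : Math.min(1000 * 2 ** attempt, 60000);
    return { action: 'retry', waitMs };
  }
  return { action: 'proceed' };
}

// Constructed, unsigned sample token (demonstration input only).
function makeSampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.sig`;
}
```

Treat 'malformed' the same as 'expired': discard the token and send the user through login again.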