Download OpenAPI specification:Download
Welcome to the HumHub auth module API reference. Humhub REST API supports the following Authentication Methods:
Uses standard HTTP Basic Authentication, requiring a username and password for each API request.
Include the username and password in the Authorization header for each request.
Example:
curl -X GET "https://yourhost/api/v1/auth/current" -H "Authorization: Basic $(echo -n 'username@example.com:password' | base64)"
Configuration:
Uses JSON Web Tokens (JWT) for authentication. Users authenticate via a login endpoint to obtain a JWT token, which is then used in subsequent requests. The auth_token has an expiration time (expired_at). You must obtain a new token after it expires.
Login Process:
Endpoint: POST /auth/login
{
"username": "username@example.com",
"password": "password"
}
{
"code": 200,
"message": "Authentication successful",
"auth_token": "eyJ0eXAiOiJKV1QiLC....tE_7_rLSX3vA",
"expired_at": "2025-04-23T12:00:00Z"
}
auth_token in the Authorization header as Bearer {auth_token} in subsequent requests.Example:
curl -X POST "https://yourhost/api/v1/auth/login" -H "Content-Type: application/json" -d '{"username":"username@example.com","password":"password"}'
curl -X GET "https://yourhost/api/v1/auth/current" -H "Authorization: Bearer your-auth-token"
Configuration:
Uses predefined bearer tokens created for each user in the HumHub Bearer Authentication settings.
Include the bearer token in the Authorization header as Bearer {your-bearer-token} for each request.
Example:
curl -X GET "https://yourhost/api/v1/auth/current" -H "Authorization: Bearer your-bearer-token"
Configuration:
Uses the same bearer tokens created in the Bearer Auth settings but passes them as a query parameter instead of a header.
Append the bearer token as a query parameter access-token={your-bearer-token} to the request URL.
Example:
curl -X GET "https://yourhost/api/v1/auth/current?access-token=your-bearer-token"
Configuration:
https://yourhost with the actual base URL of your HumHub instance.Credentials for login in app
| username required | string Your username or email address |
| password required | string |
{- "username": "username@example.com",
- "password": "password"
}{- "code": 200,
- "message": "string",
- "auth_token": "eyJ0eXAiOiJKV1QiLC .... tE_7_rLSX3vA",
- "expired_at": "string"
}{- "id": 14,
- "guid": "cd081891-d2e2-40d5-84a4-b47309e71c80",
- "display_name": "John Doe",
- "account": {
- "id": 14,
- "guid": "cd081891-d2e2-40d5-84a4-b47309e71c80",
- "username": "john.doe",
- "email": "john.doe@example.com",
- "visibility": 0,
- "status": 1,
- "tags": [
- "Administration",
- "Support",
- "HumHub"
], - "language": "DE",
- "time_zone": "Europe/Paris",
- "contentcontainer_id": 5,
- "authclient": "local",
- "authclient_id": "0123456789",
- "last_login": "2023-09-11 08:46:40"
}, - "profile": {
- "firstname": "John",
- "lastname": "Doe",
- "title": "Test user",
- "gender": "male",
- "street": "New Street 5",
- "zip": 80331,
- "city": "Munich",
- "country": "DE (ISO 3166 code)",
- "state": "string",
- "birthday_hide_year": 0,
- "birthday": "1990-01-01",
- "about": "string",
- "phone_private": "string",
- "phone_work": "string",
- "mobile": "string",
- "fax": "string",
- "im_skype": "string",
- "im_xmpp": "string",
- "url": "string",
- "url_facebook": "string",
- "url_linkedin": "string",
- "url_xing": "string",
- "url_youtube": "string",
- "url_vimeo": "string",
- "url_flickr": "string",
- "url_myspace": "string",
- "url_twitter": "string",
- "image_url": "string",
- "banner_url": "string"
}
}id of user to Impersonate
| userId required | integer id of user to Impersonate |
{- "userId": 1
}{- "token": "impersonated-YvyEVcbzCvg0wLjb9yXylj1bkbotlCwkKjNKTZD9xMO86o1G-V9p-wklm5pUdXhdkSGj5dk-l",
- "expires": 1681671865
}