> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wcr.is/llms.txt
> Use this file to discover all available pages before exploring further.

# JWT authentication API endpoints

> Obtain and verify JWT tokens via the WeCareRemote auth API. Successful verification returns the user's identity, role permissions, and organization.

The WeCareRemote authentication API provides two endpoints for token management: one to obtain a JWT token and one to verify a token and retrieve the associated user data. Both endpoints are hosted at `https://getme.global/api/v1/wordpress_auth` and require no prior authentication.

Use the token endpoint to get a JWT to send to the AI agent or recordings API. Use the verify endpoint when you need to confirm a token is still valid and read its associated user identity — for example, when accepting a JWT from a third-party caller.

## Get JWT token

Request a new JWT token. No authentication is required to call this endpoint.

**Endpoint:** `GET https://getme.global/api/v1/wordpress_auth/jwt_token`

### Response (success)

```json theme={null}
{
  "success": true,
  "jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

<ResponseField name="success" type="boolean">
  `true` if a token was successfully issued.
</ResponseField>

<ResponseField name="jwt_token" type="string">
  The JWT token string. Use this value as your Bearer token in subsequent API requests.
</ResponseField>

### Response (error)

If the token could not be issued, the endpoint returns:

```json theme={null}
{
  "success": false
}
```

### Example

```bash theme={null}
curl https://getme.global/api/v1/wordpress_auth/jwt_token
```

## Verify JWT token

Verify that a token is valid and retrieve the associated user data, including permissions and organization.

**Endpoint:** `POST https://getme.global/api/v1/wordpress_auth/verify_jwt_token`

### Request body

```json theme={null}
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

<ParamField body="token" type="string" required>
  The JWT token to verify.
</ParamField>

### Response (success)

```json theme={null}
{
  "success": true,
  "user": {
    "id": 42,
    "username": "jane_doe",
    "name": "Jane Doe",
    "email": "jane@example.org",
    "permissions": ["org_admin"],
    "organization": {
      "name": "Sunflower Care"
    }
  }
}
```

<ResponseField name="success" type="boolean">
  `true` if the token is valid.
</ResponseField>

<ResponseField name="user" type="object">
  The user object associated with the token.

  <Expandable title="user properties">
    <ResponseField name="id" type="integer">
      The unique numeric user ID.
    </ResponseField>

    <ResponseField name="username" type="string">
      The user's username.
    </ResponseField>

    <ResponseField name="name" type="string">
      The user's full display name.
    </ResponseField>

    <ResponseField name="email" type="string">
      The user's email address.
    </ResponseField>

    <ResponseField name="permissions" type="array">
      An array of role strings granted to the user. Common values include `"blog"` and `"org_admin"`.
    </ResponseField>

    <ResponseField name="organization" type="object">
      The organization the user belongs to.

      <Expandable title="organization properties">
        <ResponseField name="name" type="string">
          The name of the user's organization.
        </ResponseField>
      </Expandable>
    </ResponseField>
  </Expandable>
</ResponseField>

### Response (failure)

If the token is invalid or expired, the endpoint returns:

```json theme={null}
{
  "success": false
}
```

### Example

```bash theme={null}
curl -X POST https://getme.global/api/v1/wordpress_auth/verify_jwt_token \
  -H "Content-Type: application/json" \
  -d '{"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."}'
```

## Error handling

If token verification fails, `success` is `false` and no `user` object is returned. This typically means the token has expired or was tampered with.

<Note>If verification fails, request a new token from the `GET /jwt_token` endpoint and retry your operation. Do not attempt to decode or modify the token manually.</Note>
