Authentication
The ISE Parliament API uses JWT (JSON Web Tokens) for authentication, with optional MFA and RBAC.
Login
Endpoint: POST /api/v1/auth/login
Request body:
{
  "email": "member@parliament.ke",
  "password": "secure_password"
}
Response:
{
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "user": { "id": "uuid", "email": "...", "mfaRequired": false }
  }
}
Using the Token
Include in every authenticated request:
Authorization: Bearer <accessToken>
Token Refresh
Access tokens expire after 1 hour. To obtain a new one, send the refresh token from login:
Endpoint: POST /api/v1/auth/refresh
Request body:
{
  "refreshToken": "<refresh_token_from_login>"
}
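The login, bearer-header and refresh steps above, combined into a client-side token holder. This is an added example, not code from the ISE Parliament project. It assumes a `post(path, body)` transport callable, a refresh response with the same `data` shape as login, and a 60-second safety margin. `fake_api` is a constructed in-memory stand-in so the block runs offline.

```python
import time

LOGIN_PATH = "/api/v1/auth/login"
REFRESH_PATH = "/api/v1/auth/refresh"

class TokenSession:
    """Keeps the token pair in memory and renews the access token before expiry."""

    def __init__(self, post, clock=time.monotonic, skew=60):
        self._post = post    # assumed transport: callable(path, body) -> parsed JSON
        self._clock = clock
        self._skew = skew    # seconds of safety margin before expiresIn runs out
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, data):
        if data.get("tokenType") != "Bearer":
            raise ValueError("unexpected tokenType")
        self._access = data["accessToken"]
        # Assumption: a refresh response may omit refreshToken; keep the old one then.
        self._refresh = data.get("refreshToken", self._refresh)
        self._expires_at = self._clock() + data["expiresIn"]

    def login(self, email, password):
        data = self._post(LOGIN_PATH, {"email": email, "password": password})["data"]
        if data["user"].get("mfaRequired"):
            # The MFA step is not documented on this page, so stop instead of guessing.
            raise RuntimeError("MFA required")
        self._store(data)

    def auth_header(self):
        if self._access is None:
            raise RuntimeError("not logged in")
        if self._clock() >= self._expires_at - self._skew:
            body = {"refreshToken": self._refresh}
            self._store(self._post(REFRESH_PATH, body)["data"])
        return {"Authorization": f"Bearer {self._access}"}

def fake_api():
    """Constructed in-memory stand-in for the API so the example runs offline."""
    calls = []
    def post(path, body):
        calls.append((path, body))
        n = len(calls)
        return {"data": {"accessToken": f"access-{n}", "refreshToken": f"refresh-{n}",
                         "expiresIn": 3600, "tokenType": "Bearer",
                         "user": {"id": "uuid", "mfaRequired": False}}}
    return post, calls
```

In real use, `post` would wrap an HTTPS client pointed at the API host, and `auth_header()` would be called for each authenticated request so the refresh happens transparently.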
Public Endpoints
Per S.O. 252, some endpoints are publicly accessible without authentication (e.g. petitions list, broadcasts metadata). No Authorization header is required for those.