# Authentication



To create transactions on behalf of your users, you must first authenticate them. Paytrie uses a passwordless email-based authentication flow that returns a JWT token valid for 1 hour.

## Authentication flow

<Steps>
  <Step>
    ### Send login code

    Request a login code to be sent to the user's registered email.
  </Step>

  <Step>
    ### User receives code

    The user receives a 4-digit numeric code via email.
  </Step>

  <Step>
    ### Verify code

    Submit the code to receive a JWT token.
  </Step>

  <Step>
    ### Use token

    Include the JWT token in subsequent API requests.
  </Step>
</Steps>

## Quick start

<Callout type="info">
  The user must already be registered and verified through the [Customer Onboarding](/docs/customer-onboarding) process before they can authenticate.
</Callout>

### 1. Send login code

```bash
curl -X POST "https://api.paytrie.com/loginCodeSend?email=user@example.com" \
  -H "x-api-key: your-api-key"
```

<Card title="API Reference: Send Login Code" href="/docs/api-reference/login/postLoginCodeSend" icon="arrow-right-left">
  View complete request parameters and response schema
</Card>

### 2. Verify code and get token

After the user receives the 4-digit code via email:

```bash
curl -X POST "https://api.paytrie.com/loginCodeVerify?email=user@example.com&login_code=1234" \
  -H "x-api-key: your-api-key"
```

The response includes a JWT token:

```json
{
  "message": "Email code validated",
  "status": "success",
  "token": "eyJhbGciOiJIUzI1NiIs..."
}
```

<Card title="API Reference: Verify Login Code" href="/docs/api-reference/login/postLoginCodeVerify" icon="arrow-right-left">
  View complete request parameters and response schema
</Card>

## Using the JWT token

Include the token in the `Authorization` header for authenticated requests:

```bash
curl -X POST "https://api.paytrie.com/transaction" \
  -H "x-api-key: your-api-key" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{...}'
```

<Callout type="warn">
  JWT tokens expire after 1 hour. If you receive an authentication error, request a new login code and re-authenticate the user.
</Callout>
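The expiry rule above can be tracked client-side so that a user is re-authenticated before a request fails. The following is an added example, not Paytrie's own code: it assumes the token payload may carry a standard `exp` claim (the page does not confirm this) and otherwise falls back to the documented 1-hour lifetime. The function names, the 60-second margin, and the sample token are all hypothetical.

```python
import base64
import json
import time

TOKEN_LIFETIME_S = 3600  # the page states tokens are valid for 1 hour
REFRESH_MARGIN_S = 60    # assumption: re-authenticate this long before expiry


def jwt_exp(token):
    """Return the `exp` claim (epoch seconds) read WITHOUT verifying the
    signature, or None if absent/unparseable. For scheduling only: the API
    stays the authority on whether a token is accepted."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        exp = json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    except (IndexError, ValueError, AttributeError):
        return None
    return int(exp) if isinstance(exp, (int, float)) else None


def expires_at(token, obtained_at):
    """Earliest of the token's own `exp` (if any) and obtained_at + 1 hour."""
    documented = obtained_at + TOKEN_LIFETIME_S
    exp = jwt_exp(token)
    return documented if exp is None else min(exp, documented)


def needs_reauth(token, obtained_at, now=None):
    """True once the token is within REFRESH_MARGIN_S of expiring."""
    now = time.time() if now is None else now
    return now >= expires_at(token, obtained_at) - REFRESH_MARGIN_S


def sample_token(claims):
    """Constructed sample token for the demo; not a real Paytrie token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-sig"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed time at which loginCodeVerify returned
    token = sample_token({"exp": t0 + 3600})
    for offset in (0, 3000, 3540, 3600):
        print(offset, needs_reauth(token, t0, now=t0 + offset))
```

Record `obtained_at` when the verify call returns and check `needs_reauth` before each authenticated request; an authentication error from the API still triggers the re-authentication path described in the callout.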
