GET /api/auth/validate

Validate JWT token and return user data

URL: https://hub.regardingwork.com/api/auth/validate
Method: GET
Authentication: Required (Bearer token)
Content-Type: application/json

Use Cases

Service Integration

Other RegardingWork services (Premium, Game, Display) use this endpoint to validate user tokens and ensure users are authenticated.

Security Validation

Verify that JWT tokens are valid, not expired, and not blacklisted before granting access to protected resources.

Request Headers

Header         Required  Description
Authorization  Yes       Bearer {access_token}

Example Request

GET /api/auth/validate HTTP/1.1
Host: hub.regardingwork.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Response

Success Response (200)
Field  Type     Description
valid  boolean  Whether the token is valid
user   object   User profile data associated with the token

{
  "valid": true,
  "user": {                              ← USER DATA IS HERE
    "id": 4,
    "username": "testhub",               ← ACCESS WITH response.user.username
    "email": "testhub@test.com",         ← EMAIL NOW INCLUDED!
    "email_verified": false,
    "is_active": true,
    "role": "USER",
    "premium_tier": "FREE",
    "created_at": "2025-08-28T11:48:45.124195",
    "updated_at": "2025-08-28T11:48:45.124199",
    "bio": null,
    "website_url": null,
    "profile_photo_url": null
  },
  "token_type": "access",
  "expires_at": 1640995200
}

🚨 COMMON MISTAKE: Response Structure
❌ DON'T do this:
const username = response.username;
// This will be UNDEFINED!
// Causes "invalid user data" error
✅ DO this instead:
const username = response.user.username;
const email = response.user.email;
const userId = response.user.id;
// Email is NOW included in response!
// User data is nested under 'user' key
⚠️ FIELD NAMING: Token vs Access Token

Important: Hub authentication endpoints use different field names than typical JWT APIs:

Hub API returns:
{
  "access_token": "eyJhbGci...",
  "refresh_token": "eyJhbGci...",
  "user": { ... }
}
Your code should use:
// ✅ Correct field names
const token = response.access_token;
const refresh = response.refresh_token;
const user = response.user;

Note: Field name is access_token, not token (unlike some JWT APIs)

Error Responses

Status  Error                               Description
401     Authorization header required       Missing Authorization header with Bearer token
401     Invalid token: Not enough segments  Malformed JWT token
401     Token has expired                   JWT token is past expiration time
401     Token has been revoked              Token was blacklisted (user logged out)

Example Error Response
{ "error": "Token has expired", "valid": false }

Code Examples

// JavaScript: validate a token against the Hub
const validateToken = async (token) => {
  try {
    const response = await fetch('https://hub.regardingwork.com/api/auth/validate', {
      headers: {
        'Authorization': `Bearer ${token}`,
        'Content-Type': 'application/json'
      }
    });
    const data = await response.json();

    if (response.ok && data.valid) {
      console.log('Token is valid:', data.user);
      return data.user;
    } else {
      console.log('Token is invalid:', data.error);
      return null;
    }
  } catch (error) {
    console.error('Validation error:', error);
    return null;
  }
};

// Usage (in middleware or auth check)
const token = localStorage.getItem('access_token');
const user = await validateToken(token);

if (user) {
  // User is authenticated
  console.log('Welcome', user.username);
} else {
  // Redirect to login
  window.location.href = '/login';
}

# Python: validate a token against the Hub (requests + Flask)
from functools import wraps

import requests
from flask import request, jsonify

def validate_token(token):
    """Validate a JWT token with RegardingWork Hub"""
    url = 'https://hub.regardingwork.com/api/auth/validate'
    headers = {
        'Authorization': f'Bearer {token}',
        'Content-Type': 'application/json'
    }

    try:
        # Timeout so a stalled Hub cannot hang the calling service
        response = requests.get(url, headers=headers, timeout=5)
        data = response.json()

        if response.status_code == 200 and data.get('valid'):
            print('Token is valid:', data['user'])
            return data['user']
        else:
            print('Token is invalid:', data.get('error'))
            return None
    except (requests.RequestException, ValueError) as e:
        # ValueError covers a non-JSON body on older requests versions
        print('Validation error:', e)
        return None

# Usage (in Flask middleware)
def require_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        token = request.headers.get('Authorization', '').replace('Bearer ', '')
        user = validate_token(token)

        if not user:
            return jsonify({'error': 'Authentication required'}), 401

        # Pass the validated user through to the wrapped view
        return f(*args, user=user, **kwargs)
    return decorated

# Validate token
curl -X GET https://hub.regardingwork.com/api/auth/validate \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

# Response
{
  "valid": true,
  "user": {
    "id": 4,
    "username": "testhub",
    ...
  }
}
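
A fail-closed way for a consuming service to parse the Authorization header and interpret the validate response, added here as an example and not RegardingWork's own code. `extract_bearer` and `user_from_validate` are hypothetical helpers; rejecting any `token_type` other than `access` and reading `expires_at` as Unix seconds are assumptions.

```python
import re
import time

# "Bearer <jwt>" only: one scheme, three base64url segments, nothing else.
_BEARER = re.compile(r"Bearer ([\w-]+\.[\w-]+\.[\w-]+)", re.ASCII | re.IGNORECASE)


def extract_bearer(header_value):
    """Return the token from an Authorization header, or None if malformed."""
    m = _BEARER.fullmatch(header_value or "")
    return m.group(1) if m else None


def user_from_validate(status_code, body, now=None):
    """Return the nested user dict only if every check passes, else None."""
    now = time.time() if now is None else now
    if status_code != 200 or not isinstance(body, dict):
        return None
    if body.get("valid") is not True:        # JSON true, not merely truthy
        return None
    if body.get("token_type") != "access":   # assumption: reject other token types
        return None
    exp = body.get("expires_at")             # assumption: Unix seconds
    if type(exp) not in (int, float) or exp <= now:
        return None
    user = body.get("user")                  # user data is nested under "user"
    if not isinstance(user, dict) or user.get("is_active") is not True:
        return None
    if type(user.get("id")) is not int or not user.get("username"):
        return None
    return user


# Constructed sample shaped like the success response documented above.
SAMPLE = {
    "valid": True,
    "user": {"id": 4, "username": "testhub", "is_active": True, "role": "USER"},
    "token_type": "access",
    "expires_at": 1640995200,
}

if __name__ == "__main__":
    now = 1640990000  # fixed clock, just before the sample's expires_at
    print(extract_bearer("Bearer aaa.bbb.ccc"))
    print(user_from_validate(200, SAMPLE, now))
    print(user_from_validate(200, {**SAMPLE, "token_type": "refresh"}, now))
```

Pass the status code and decoded JSON body of the Hub response to `user_from_validate`; any `None` result should be treated as unauthenticated.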
