Authentication Layer

Billx-Agent secures every API call using industry-standard JWT-based authentication combined with Role-Based Access Control (RBAC).

This layer is responsible for the following:

✅ Token Validation

  • All protected endpoints require a valid JWT token in the Authorization header:

    Authorization: Bearer eyJhbGciOi...
  • If the token is missing, expired, or tampered with, the request is rejected with 401 Unauthorized.


🧑‍💼 Identity & Organization Resolution

  • The token payload includes user ID, email, and assigned role.

  • The system automatically scopes access based on:

    • User's organization

    • Assigned role (e.g. admin, user)

    • Request context (e.g. whether they are accessing their own usage or another user's)


🔐 Role-Based Access Control (RBAC)

Access is controlled using predefined roles:

  Role         Description
  -----------  ------------------------------------------------
  User         Default for most consumers; can query data
  Admin        Can manage users in their org, view usage logs
  Super Admin  Full system access (roles, quotas, billing)

Admin-only endpoints are guarded automatically by middleware (the RoleChecker dependency).


🗑 Token Revocation with Redis

Billx-Agent uses Redis to support token blocklisting on logout or on security events.

  • Tokens are stored in a Redis blocklist after logout.

  • If a token on the blocklist is presented, it is rejected automatically.

  • This provides immediate revocation without waiting for expiry.
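The three mechanisms described above (bearer-token validation, role and organization scoping, and the logout blocklist), as an added example that is not Billx-Agent's own code. It assumes HS256 signing, `exp` and `jti` claims in the token payload, and an in-memory dict standing in for Redis; the names `AuthError`, `Blocklist`, `check_request` and `can_view_usage`, the sample secret and the sample claims are all constructed for the example.

```python
# Added example, not Billx-Agent's own code: a minimal HS256 JWT verifier, a
# RoleChecker-style guard, request-context scoping and a revocation blocklist with
# the semantics the page describes. Assumptions: HS256 signing, "exp" and "jti"
# claims in the payload, and an in-memory dict standing in for Redis.
import base64, hashlib, hmac, json, time
from typing import Optional

class AuthError(Exception):
    """Carries the HTTP status the middleware would return (401 or 403)."""
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, body: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()

def encode_jwt(claims: dict, secret: str) -> str:
    """Issue an HS256 token, as a login endpoint would."""
    header, body = _b64url(b'{"alg":"HS256","typ":"JWT"}'), _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64url(_sign(header, body, secret))}"

def decode_jwt(token: str, secret: str, now: Optional[float] = None) -> dict:
    """Verify signature and expiry; every failure maps to 401, as the page states."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        # The header's "alg" is ignored on purpose: verification always uses HMAC with
        # the server secret, and the comparison is constant-time.
        if not hmac.compare_digest(_sign(header, body, secret), _b64url_decode(sig)):
            raise AuthError(401, "invalid signature")
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise AuthError(401, "malformed token") from None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        raise AuthError(401, "malformed or expired token")
    return claims

class Blocklist:
    """Stand-in for Redis (SET <jti> 1 EX <ttl> / EXISTS <jti>); entries expire with their token."""
    def __init__(self):
        self._entries = {}
    def revoke(self, claims: dict) -> None:
        """Logout path: blocklist the jti only until the token would expire anyway."""
        self._entries[claims["jti"]] = claims["exp"]
    def contains(self, jti: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        exp = self._entries.get(jti)
        if exp is not None and exp <= now:  # lazy expiry, like a Redis TTL
            del self._entries[jti]
            return False
        return exp is not None

class RoleChecker:
    """Endpoint guard: 403 unless the caller's role is one of the allowed roles."""
    def __init__(self, *allowed: str):
        self.allowed = set(allowed)
    def __call__(self, claims: dict) -> dict:
        if claims.get("role") not in self.allowed:
            raise AuthError(403, "insufficient role")
        return claims

def authenticate(headers: dict, secret: str, blocklist: Blocklist, now: Optional[float] = None) -> dict:
    """Middleware step: Authorization header -> verified, non-revoked claims."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise AuthError(401, "missing bearer token")
    claims = decode_jwt(token, secret, now)
    if blocklist.contains(claims.get("jti", ""), now):
        raise AuthError(401, "token revoked")
    return claims

def can_view_usage(claims: dict, target_user: str, target_org: str) -> bool:
    """Request-context scoping: own usage, admin within own org, or super_admin."""
    if claims.get("role") == "super_admin":
        return True
    same_org = claims.get("org") == target_org
    return same_org and (claims.get("sub") == target_user or claims.get("role") == "admin")

def check_request(headers: dict, secret: str, blocklist: Blocklist,
                  guard: Optional[RoleChecker] = None, now: Optional[float] = None) -> int:
    """Return the HTTP status the auth layer would produce: 200, 401 or 403."""
    try:
        claims = authenticate(headers, secret, blocklist, now)
        if guard is not None:
            guard(claims)
    except AuthError as err:
        return err.status
    return 200

# Constructed sample data; a real deployment loads the secret from configuration.
SECRET = "constructed-example-secret"
NOW = 1_700_000_000.0  # fixed clock so the results are reproducible
USER_CLAIMS = {"sub": "u-42", "email": "user@example.com", "org": "org-1", "role": "user", "jti": "t-1", "exp": NOW + 3600}
ADMIN_CLAIMS = {"sub": "u-7", "email": "admin@example.com", "org": "org-1", "role": "admin", "jti": "t-2", "exp": NOW + 3600}
```

Two design points worth noting. The blocklist entry is stored only for the token's remaining lifetime (the Redis equivalent is `SET <jti> 1 EX <ttl>`), so the list never grows beyond the set of tokens that are still valid. The price of immediate revocation is one Redis lookup per request; the signature and expiry checks themselves stay stateless.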


🔐 The authentication layer is fast, stateless and secure, designed for API-first environments, dashboards and third-party SaaS integrations.
