The TingTing API uses two token types:
- JWT access token — returned as an
HttpOnly cookie after login. Used to call the Refresh and Generate API Token endpoints.
- API token — a long-lived Bearer token used in the
Authorization header for all other API requests.
For most API usage, you only need an API token. Log in once, generate your token, then include it as Authorization: Bearer <your_api_token> on every request.
Login
Authenticate with your email and password to start a session. The API sets an HttpOnly JWT access cookie and a refresh cookie in the response.
POST https://app.tingting.io/api/v1/auths/login/
Request
curl --request POST \
--url https://app.tingting.io/api/v1/auths/login/ \
--header 'Content-Type: application/json' \
--data '{
"email": "test@gmail.com",
"password": "test"
}'
| Parameter | Type | Required | Description |
|---|
email | string | Yes | Your account email. |
password | string | Yes | Your account password. |
Response
{
"has_logged_in": true,
"message": "Login Successful"
}
HttpOnly cookies: the JWT access token (expires in 1 day) and the refresh token.
Refresh access token
Exchange a valid refresh cookie for a new access token. No request body is required — the API reads the refresh token from your cookie automatically.
POST https://app.tingting.io/api/v1/auths/login/refresh/
Request
curl --request POST \
--url https://app.tingting.io/api/v1/auths/login/refresh/ \
--header 'Cookie: refresh=<your-refresh-token>'
Response
{
"message": "Session Refreshed Successfully"
}
400 — missing or invalid refresh token
{
"message": "No refresh token provided"
}
{
"detail": "Invalid token payload."
}
{
"detail": "Account is not activated."
}
{
"message": "Failed To Refresh The Session"
}
Generate API token
Generate a new API token for use in the Authorization header. Each call soft-deletes your previous token and returns a fresh one.
POST https://app.tingting.io/api/v1/auths/generate-api-keys/
This endpoint requires a JWT access token (from login), not an API token. Include it as a Bearer token in the Authorization header.
Request
curl --request POST \
--url https://app.tingting.io/api/v1/auths/generate-api-keys/ \
--header 'Authorization: Bearer <your_access_token>'
Response
{
"token": "7acbdcd5619e4b9eaaad8e41dabb7032298e1acdf8fcd99bfae70561b51cdee7",
"message": "New API token generated successfully"
}
Generating a new token invalidates your previous one. Any integrations using the old token will stop working immediately.
Get API token
Retrieve your current API token along with its creation and last-used timestamps.
GET https://app.tingting.io/api/v1/auths/get-api-keys/
Request
curl --request GET \
--url https://app.tingting.io/api/v1/auths/get-api-keys/ \
--header 'Authorization: Bearer <your_access_token>'
Response
{
"token": "39106a38ac483eb4625308fe98411588",
"last_used": "2025-02-20T14:30:00.000Z",
"created_at": "2025-03-14T14:30:00.000Z"
}
{
"message": "No API token found. Please generate one first."
}
User profile
Retrieve the profile information for the currently authenticated user.
GET https://app.tingting.io/api/v1/auths/user-profile/
Request
curl --request GET \
--url https://app.tingting.io/api/v1/auths/user-profile/ \
--header 'Authorization: Bearer <your_api_token>'
Response
{
"id": 35,
"user": {
"first_name": "Ram",
"last_name": "Thapa",
"username": "ramthapa",
"email": "ram.thapa639@gmail.com"
},
"profile_picture": "https://app.tingting.io/media/account/1/profile.jpg",
"contact_no": "9808365218",
"address": "Lalitpur",
"is_verified_contact": true
}