# Authorization

This document describes how to sign in and authorize Flow API V1 requests.

**Get a CSRF token**

```bash
curl --location 'https://api.flow.gl/v1/csrf'
```

Example response

```json
{
  "data": {
    "_csrf": "mBezzKZ8-5QAI_ivMHsYlz_EDU7atf-xj0oI"
  }
}
```

**Create session (Sign-in)**

```bash
# Pass the token returned by /v1/csrf in the _csrf field of the body.
curl --location 'https://api.flow.gl/v1/session' \
--request POST \
--header 'Content-Type: application/json' \
--data-raw '{
  "grant_type": "password",
  "email": "user@flow.gl",
  "password": "1234ABcd+",
  "_csrf": "mBezzKZ8-5QAI_ivMHsYlz_EDU7atf-xj0oI"
}'
```

Example response

```json
{
  "data": {
    "access_token": "a98a6dc92606d4ffc8e8e75574ea29e7",
    "token_type": "bearer",
    "expires_at": "2024-04-13T07:51:16.066Z",
    "created_at": "2024-03-14T07:51:16.066Z",
    "updated_at": "2024-03-14T07:51:16.066Z"
  }
}
```

Creating a session sets a cookie via the `Set-Cookie` header; the cookie name is `access_token`.

```http
Set-Cookie: access_token=a98a6dc92606d4ffc8e8e75574ea29e7; HttpOnly; Secure;
```

Save the `access_token` and send it with every subsequent request via the `Cookie` header.

**Check session state**

```bash
curl --location 'https://api.flow.gl/v1/user/me' \
--header "Cookie: access_token=a98a6dc92606d4ffc8e8e75574ea29e7"
```

Example response

```json
{
  "data": {
    "id": 2,
    "email": "user@flow.gl",
    "username": "user",
    "first_name": null,
    "last_name": null,
    "phone_number": null,
    "organization": null,
    "register_type": "regular",
    "metadata": null,
    "subscription": {
      "id": 2,
      "start_date": null,
      "end_date": "2032-02-10T07:02:31.212Z",
      "created_at": "2023-09-09T12:25:11.008Z",
      "updated_at": "2023-09-09T12:25:11.008Z"
    },
    "access_token": "a98a6dc92606d4ffc8e8e75574ea29e7",
    "ready_player_me_avatar_id": null
  }
}
```
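
A client-side check for the sign-in flow above, as an added example that is not part of the Flow API documentation: it builds the sign-in body from the CSRF response, then confirms that the session is unexpired and that the `access_token` cookie matches the response body and carries `HttpOnly` and `Secure` before returning the `Cookie` header value. The function names are hypothetical; the field names and sample values are the ones shown on this page.

```python
import json
from datetime import datetime, timezone
from http.cookies import SimpleCookie


def signin_body(csrf_response: str, email: str, password: str) -> bytes:
    """Build the POST /v1/session body from the raw /v1/csrf response."""
    token = json.loads(csrf_response)["data"]["_csrf"]
    return json.dumps({"grant_type": "password", "email": email,
                       "password": password, "_csrf": token}).encode()


def cookie_header(session_response: str, set_cookie: str, now: datetime) -> str:
    """Check the session body and Set-Cookie value; return the Cookie header value."""
    data = json.loads(session_response)["data"]
    if data["token_type"] != "bearer":
        raise ValueError("unexpected token_type")
    expires = datetime.fromisoformat(data["expires_at"].replace("Z", "+00:00"))
    if expires <= now:
        raise ValueError("session expired, sign in again")
    jar = SimpleCookie()
    jar.load(set_cookie)  # header value only, without the "Set-Cookie:" name
    morsel = jar.get("access_token")
    if morsel is None or morsel.value != data["access_token"]:
        raise ValueError("access_token cookie missing or differs from body")
    if not (morsel["httponly"] and morsel["secure"]):
        raise ValueError("access_token cookie lacks HttpOnly or Secure")
    return f"access_token={morsel.value}"


if __name__ == "__main__":
    # Example responses copied from this page; the password is a placeholder.
    csrf = '{"data": {"_csrf": "mBezzKZ8-5QAI_ivMHsYlz_EDU7atf-xj0oI"}}'
    session = json.dumps({"data": {
        "access_token": "a98a6dc92606d4ffc8e8e75574ea29e7",
        "token_type": "bearer",
        "expires_at": "2024-04-13T07:51:16.066Z"}})
    set_cookie = "access_token=a98a6dc92606d4ffc8e8e75574ea29e7; HttpOnly; Secure;"
    print(signin_body(csrf, "user@flow.gl", "<password>").decode())
    print(cookie_header(session, set_cookie,
                        datetime(2024, 3, 15, tzinfo=timezone.utc)))
```

Pass `datetime.now(timezone.utc)` as `now` in real use, and read the password from the environment or a secret store rather than the command line.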