gRPC Authentication
This section describes the gRPC interface of the messaging platform.
The gRPC API provides high-performance access to authentication and SMS messaging functionality. It is intended for internal services and high-throughput clients.
The API exposes two main services:
- Auth Service — user management and authorization (this page)
- SMS Service — message submission and delivery tracking (gRPC Messaging)
gRPC Transport
The gRPC server accepts connections over HTTP/2.
| Parameter | Value |
|---|---|
| Protocol | gRPC (HTTP/2) |
| Default Port | 44044 |
| TLS | Disabled by default (plaintext) |
| Timeout | Configurable via grpc.timeout in config_local.yaml (default: 1h) |
Example endpoint:
127.0.0.1:44044
Authentication
All protected gRPC endpoints require authentication via metadata headers.
The following metadata must be provided with each request:
| Header | Type | Required | Description |
|---|---|---|---|
authorization | string | Yes | Bearer JWT token obtained from Login |
app_id | string | Yes | Numeric application identifier assigned during registration |
Example metadata:
authorization: Bearer eyJhbGciOiJIUzI1NiIs...
app_id: 1
Obtaining a Token
Tokens are obtained through the Login RPC:
grpcurl \
-plaintext \
-d '{"app_id":1,"email":"admin@example.com","password":"password"}' \
'127.0.0.1:44044' \
auth.Auth.Login
Response:
{
"token": "eyJhbGciOiJIUzI1NiIs..."
}
The token must be included in all subsequent gRPC calls. Tokens expire after the duration configured in security.token_ttl (default: 12 hours).
Testing with grpcurl
The gRPC API can be tested using grpcurl.
Example request with authentication:
grpcurl \
-plaintext \
-H 'authorization: Bearer <jwt-token>' \
-H 'app_id: 1' \
-emit-defaults \
-d '{"text":"example message"}' \
127.0.0.1:44044 \
sms.v1.SmsService/CheckTextLen
Auth Service
Authentication service responsible for user management and authorization.
Service name:
auth.Auth
Register
Registers a new user account.
rpc Register(RegisterRequest) returns (RegisterResponse)
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Unique email address for the new account |
password | string | Yes | Account password |
{
"email": "user@example.com",
"password": "secure-password"
}
Response Fields
| Field | Type | Description |
|---|---|---|
user_id | int64 | Unique identifier assigned to the new user. Also used as app_id for API access |
{
"user_id": 1
}
Errors
| gRPC Code | Condition |
|---|---|
INVALID_ARGUMENT | Missing or invalid email/password |
ALREADY_EXISTS | Email address is already registered |
Login
Authenticates a user and returns a JWT token.
rpc Login(LoginRequest) returns (LoginResponse)
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Registered email address |
password | string | Yes | Account password |
app_id | int64 | Yes | Application identifier (same as user_id from registration) |
{
"email": "admin@example.com",
"password": "password",
"app_id": 1
}
Response Fields
| Field | Type | Description |
|---|---|---|
token | string | JWT token for authenticating subsequent requests |
{
"token": "eyJhbGciOiJIUzI1NiIs..."
}
Errors
| gRPC Code | Condition |
|---|---|
UNAUTHENTICATED | Invalid email, password, or app_id |
IsAdmin
Checks whether a user has administrator privileges.
rpc IsAdmin(IsAdminRequest) returns (IsAdminResponse)
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
user_id | int64 | Yes | User identifier to check |
{
"user_id": 1
}
Response Fields
| Field | Type | Description |
|---|---|---|
is_admin | bool | true if the user has admin privileges |
{
"is_admin": true
}
DeleteUser
Removes a user account from the system.
rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse)
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
user_id | int64 | Yes | User identifier to delete |
{
"user_id": 3
}
Response Fields
| Field | Type | Description |
|---|---|---|
result | bool | true if the user was successfully deleted |
{
"result": true
}
Errors
| gRPC Code | Condition |
|---|---|
NOT_FOUND | User with the specified ID does not exist |
gRPC Error Codes
The platform uses standard gRPC status codes. Common codes across all endpoints:
| gRPC Code | HTTP Equivalent | Description |
|---|---|---|
OK | 200 | Request succeeded |
INVALID_ARGUMENT | 400 | Malformed request or missing required fields |
UNAUTHENTICATED | 401 | Missing or invalid JWT token, missing app_id metadata |
PERMISSION_DENIED | 403 | Client IP not in whitelist, or insufficient privileges |
NOT_FOUND | 404 | Requested resource does not exist |
ALREADY_EXISTS | 409 | Duplicate resource (e.g., email already registered) |
RESOURCE_EXHAUSTED | 429 | Rate limit exceeded |
INTERNAL | 500 | Server-side error (SMPP failure, storage error) |
UNAVAILABLE | 503 | Service temporarily unavailable |
Error responses include a human-readable message field describing the specific failure.
Service Summary
| Service | Method | Description |
|---|---|---|
| Auth | Register | Register a new user account |
| Auth | Login | Authenticate and obtain JWT token |
| Auth | IsAdmin | Check administrator privileges |
| Auth | DeleteUser | Remove a user account |