Swishing Auth API
Cognito-fronted authentication for the Swishing platform. Users land here
via the auth-web SPA, get routed to their tenant's Cognito user pool
(via tenant discovery in DynamoDB), and receive JWT tokens that all other
Swishing services consume.
This is internal architecture documentation, not a customer-facing API contract. Endpoints, payloads, and cookie names may change without notice; see the relevant service repos for the canonical wire format.
Authentication
- HTTP: Bearer Auth
- API Key: sessionCookie
Cognito-issued access or ID token.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | JWT |
Session cookies issued by this service (sw_id, sw_access, sw_refresh, sw_state). The cookie prefix is configurable via SESSION_COOKIE_PREFIX.
Security Scheme Type: | apiKey |
|---|---|
Cookie parameter name: | sw_id |