Lana use JSON Web Tokens (JWT) for authentication.

Our authentication process is a blend of state stored on the client side within the JWT itself, including session information, expiration date, and other unspecified utility information (which can be viewed within the JWT). Another portion of the state is kept server-side, allowing specific actions to be taken without necessitating JWT token invalidation. For instance, a staff member's privileges can be altered or suspended with immediate effect, regardless of the validity of their JWT.

JWT tokens are typically acquired as a response to API calls such as usersCreate, authLogin.

To execute authenticated API requests, include the JWT as part of the Authorization HTTP header value.