Authentication & Security
Worxflow uses a robust authentication system powered by PocketBase with secure token management.
Login Process
Shop Owner Login
- Navigate to /auth/shop-login
- Enter your email and password
- System validates credentials against PocketBase
- Secure token stored in AsyncAuthStore
- Automatic token refresh every 30 minutes
Security Features
- Token-based authentication: JWT tokens with automatic refresh
- Secure storage: AsyncAuthStore for persistent sessions
- Role-based access: Shop owners, technicians, customers
- Multi-tenant isolation: Each shop's data is completely isolated
User Roles
Shop Owner
- Full access to all shop features
- Staff management capabilities
- Financial and analytics access
- Settings and configuration control
Technician
- Service order management
- Customer interaction
- Time tracking
- Limited reporting access
Service Writer
- Appointment scheduling
- Customer management
- Service recommendations
- Basic reporting
API Authentication
All API requests require authentication:
// Authentication header
Authorization: Bearer YOUR_TOKEN
Password Requirements
- Minimum 8 characters
- At least one uppercase letter
- At least one number
- At least one special character
Session Management
- Sessions expire after 7 days of inactivity
- Automatic refresh while active
- Secure logout clears all tokens
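The refresh and expiry rules above, written out as a client-side decision function. This is an added example, not Worxflow or PocketBase code. The function names, the session fields (lastActivityMs, lastRefreshMs) and the idea that the client tracks these timestamps are assumptions, and the server remains the authority on token validity.

```javascript
// Added example: client-side session policy using the numbers stated on this page.
const REFRESH_INTERVAL_MS = 30 * 60 * 1000;          // refresh every 30 minutes
const INACTIVITY_LIMIT_MS = 7 * 24 * 60 * 60 * 1000; // expire after 7 days idle

// Decode a JWT payload for scheduling only. This does NOT verify the signature,
// so the result must never be used for an authorization decision.
function decodeJwtPayload(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const payload = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    return payload && typeof payload === "object" ? payload : null;
  } catch {
    return null;
  }
}

// Returns "logout", "refresh" or "ok" for the session state at time nowMs.
// Anything malformed or expired fails closed to "logout".
function sessionAction({ token, lastActivityMs, lastRefreshMs }, nowMs) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== "number") return "logout";
  if (payload.exp * 1000 <= nowMs) return "logout";
  if (nowMs - lastActivityMs >= INACTIVITY_LIMIT_MS) return "logout";
  if (nowMs - lastRefreshMs >= REFRESH_INTERVAL_MS) return "refresh";
  return "ok";
}

// Builds the header shown under "API Authentication". Rejects tokens containing
// whitespace or control characters so a corrupted stored value cannot inject headers.
function authHeader(token) {
  if (typeof token !== "string" || !/^[A-Za-z0-9._-]+$/.test(token)) {
    throw new Error("refusing to send malformed token");
  }
  return { Authorization: `Bearer ${token}` };
}

// Constructed sample token with a placeholder signature, for demonstration only.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ id: "sample", exp })}.c2ln`;
}
```

On "logout" the client should clear every stored token, matching the last item in the list above.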