Authentication Guide

Welcome to the Authentication guide for the Smart Search API. This system is designed to provide secure and flexible access management using a client-user-token structure. Below is an overview of the system's components:

  1. Clients: A client represents an entity (such as a company or application) that interacts with the Smart Search API. Each client can have multiple users associated with it. Client credentials are stored in environment variables, which are used to authenticate the creation of users.

  2. Users: A user is an individual account tied to a specific client. When users are created via the /user endpoint, they are automatically assigned to a fixed client, which is determined by the client credentials configured in the environment variables.

  3. Tokens: A token is used to authenticate API requests. Users can generate tokens based on their identifier and secret. These tokens are required to authenticate and authorize requests to protected API endpoints.

  4. Master User: The Master user has the highest level of access within the system. Only the Master user can create new clients or users. The Master's credentials (username and password) are securely stored in environment variables (MASTER_USERNAME and MASTER_PASSWORD) and are used for authentication when performing these operations.

This authentication system ensures secure access control, allowing the Master user to manage client and user creation, while enabling users to authenticate their API requests through tokens.
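
A minimal in-memory model of the client-user-token flow described above, added here as an illustration; it is not the Smart Search API's own code. The class and method names, the CLIENT_ID variable, the server-generated user secret and the opaque random token format are assumptions; only MASTER_USERNAME and MASTER_PASSWORD come from this guide.

```python
import hashlib, hmac, os, secrets

def _kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _sha(token):
    return hashlib.sha256(token.encode()).hexdigest()

class AuthModel:
    """In-memory model of the client-user-token scheme (illustrative only)."""

    def __init__(self, env):
        self.env = env      # stands in for os.environ
        self.users = {}     # identifier -> (client_id, salt, secret_hash)
        self.tokens = {}    # sha256(token) -> identifier

    def is_master(self, username, password):
        want_user = self.env.get("MASTER_USERNAME", "")
        want_pass = self.env.get("MASTER_PASSWORD", "")
        if not want_user or not want_pass:
            return False    # fail closed when the variables are unset
        # Compare both fields in constant time, without short-circuiting.
        ok_user = hmac.compare_digest(username.encode(), want_user.encode())
        ok_pass = hmac.compare_digest(password.encode(), want_pass.encode())
        return ok_user and ok_pass

    def create_user(self, master_user, master_pass, identifier):
        if not self.is_master(master_user, master_pass):
            raise PermissionError("master credentials required")
        secret, salt = secrets.token_urlsafe(32), os.urandom(16)
        # The client comes from configuration, never from the request.
        # CLIENT_ID is an assumed variable name; the page does not give one.
        self.users[identifier] = (self.env["CLIENT_ID"], salt, _kdf(secret, salt))
        return secret       # returned once; only the hash is kept

    def issue_token(self, identifier, secret):
        # Unknown identifiers get a dummy record so the KDF still runs.
        _, salt, digest = self.users.get(identifier, (None, b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(secret, salt), digest):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[_sha(token)] = identifier
        return token

    def authenticate(self, token):
        identifier = self.tokens.get(_sha(token))
        if identifier is None:
            return None
        return identifier, self.users[identifier][0]
```

Tokens are stored only as SHA-256 digests, so a dump of the token table does not yield usable bearer tokens.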
