
External APIs

This document lists external APIs and third-party services integrated with the EMTB Tax Claim Management System.

No External Authentication Services

The system uses JWT-based authentication implemented directly in the NestJS backend. User credentials, roles, and permissions are managed internally in the PostgreSQL database.

Authentication Flow:

  • User credentials are validated against the users table in the database
  • Upon successful authentication, a JWT token is generated containing user claims (id, role, client_access)
  • JWT tokens are signed using a secret key and include standard claims (exp, iat, sub)
  • All API requests validate the JWT token to extract user context for authorization
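
The issue-and-validate steps above, as an added TypeScript example; it is not the EMTB system's own code. It assumes the secret key is used for HMAC-SHA256 (HS256) and that client_access is a list of client ID strings. The function names, the 900-second lifetime and any sample values are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Claims named on the page: id, role, client_access plus the standard sub, iat, exp.
interface Claims { id: number; role: string; client_access: string[]; sub: string; iat: number; exp: number; }
type User = Pick<Claims, "id" | "role" | "client_access">;

const encode = (obj: object): string => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (input: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(input).digest();

// Issue a token once the credential check against the users table has passed.
// ttlSeconds = 900 is an assumed lifetime, not a value from the page.
function signToken(user: User, secret: string, now: number, ttlSeconds = 900): string {
  const claims: Claims = { ...user, sub: String(user.id), iat: now, exp: now + ttlSeconds };
  const signingInput = `${encode({ alg: "HS256", typ: "JWT" })}.${encode(claims)}`;
  return `${signingInput}.${mac(signingInput, secret).toString("base64url")}`;
}

// Run on every API request; returns the user context or throws.
function verifyToken(token: string, secret: string, now: number): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, body, sig] = parts as [string, string, string];
  // Pin the algorithm server-side; the token header must not choose the verifier.
  let alg: unknown;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg;
  } catch {
    throw new Error("malformed header");
  }
  if (alg !== "HS256") throw new Error("unexpected alg");
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  const expected = mac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  // Only parse and trust the claims after the signature has verified.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as Claims;
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return claims;
}

// Authorization from verified claims: role check plus per-client scope.
function canAccessClient(claims: Claims, clientId: string, allowedRoles: string[]): boolean {
  return allowedRoles.includes(claims.role) && claims.client_access.includes(clientId);
}
```

The `now` argument is in seconds since the epoch, matching the `iat` and `exp` claims, and is passed in so expiry can be tested deterministically.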

User Management:

  • User creation and role assignment handled through internal API endpoints
  • Password hashing performed using bcrypt or argon2 before storage
  • Role and client access permissions stored in the users table