How does authentication work on E-Z?

E-Z uses a token-based authentication system with refresh tokens stored in cookies and access tokens in memory.

Authentication Flow

1.You log into your account

2. 2. A refresh token is stored in your browser cookies

3. 3. An access token is stored in the application's memory

4. 4. Access token refreshes every 15 minutes using the /auth/token endpoint

5. 5. Each refresh provides both a new access token and refresh token

•Refresh token cleared when browser closes

• Session ends immediately

•Refresh token persists for 7 days

• Token deleted after 7 days of inactivity

• Each site visit resets the 7-day timer

Never share your tokens with anyone

Use "Remember Me" only on trusted devices

Log out properly to clear all tokens

Enable 2FA for additional security

Tokens are encrypted and secure

API requests require a valid API key, separate from access tokens