Authentication

How to authenticate with the Studio Service API using JWT tokens.

Overview

All endpoints (except Health) require a Bearer JWT token. The tenantId is extracted from the JWT claims automatically via the @CurrentTenant() decorator. AI generation endpoints also check credit balance via wallet-svc.

ECS Fargate Deployment

studio-svc runs on AWS ECS Fargate (not Lambda). The staging ALB endpoint is available at http://eventzr-staging-alb-134677813.us-east-1.elb.amazonaws.com/studio/v1

Obtaining a JWT Token

curl -X POST https://535ubezkse.execute-api.us-east-1.amazonaws.com/auth/v1/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "dev@eventzr.com",
    "password": "Password123!"
  }'

# Response:
# {
#   "data": {
#     "accessToken": "eyJhbGciOiJSUzI1NiIs...",
#     "refreshToken": "eyJhbGciOiJSUzI1NiIs...",
#     "expiresIn": 3600
#   }
# }

Use the token with studio-svcbash

export TOKEN="<access-token-from-response>"

# Generate an image
curl -X POST http://eventzr-staging-alb-134677813.us-east-1.elb.amazonaws.com/studio/v1/images/generate \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-tenant-id: 00000000-0000-0000-0000-000000000001" \
  -d '{
    "prompt": "A vibrant tech conference poster with modern design",
    "width": 1024,
    "height": 1024,
    "provider": "dall-e-3"
  }'

Refresh an expired tokenbash

curl -X POST https://535ubezkse.execute-api.us-east-1.amazonaws.com/auth/v1/refresh \
  -H "Content-Type: application/json" \
  -d '{ "refreshToken": "eyJhbGciOiJSUzI1NiIs..." }'

Test Credentials

Staging Environment Credentials

Use these credentials to test the API in the Scalar playground above.

Role	Email	Password	Tenant ID
Developer	`dev@eventzr.com`	`Password123!`	`00000000-...-000001`
Admin	`admin@eventzr.com`	`Password123!`	`00000000-...-000001`

JWT Claims Structure

Decoded JWT payloadjson

{
  "sub": "user-uuid",
  "tenantId": "tenant-uuid",
  "email": "user@example.com",
  "roles": ["user", "organizer", "admin"],
  "planTier": "professional",
  "iat": 1740000000,
  "exp": 1740003600
}

Standard Headers

Header	Required	Description
`Authorization`	Yes	Bearer JWT token
`Content-Type`	POST/PUT/PATCH	application/json
`x-request-id`	No	Request trace ID (UUID), auto-generated if absent
`x-tenant-id`	Recommended	Tenant UUID for explicit tenant filtering
`Idempotency-Key`	No	Idempotency key for write operations (24h TTL)

Response Envelope

Standard response formatjson

{
  "data": { ... },
  "error": null,
  "page": {
    "next_cursor": "eyJwYWdlIjoyLCJsaW1pdCI6MjB9",
    "has_more": true,
    "limit": 20
  },
  "meta": {
    "request_id": "550e8400-e29b-41d4-a716-446655440000",
    "trace_id": "abc123",
    "tenant_id": "tenant-uuid"
  }
}

AI Credit Consumption

AI media generation operations consume credits from the user or team wallet. The service checks credit balance before processing and deducts on successful generation. If credits are insufficient, a 402 Payment Required response is returned.

Operation	Credits	Notes
Image generation	`20-50`	Varies by resolution and provider
Video generation	`100-500`	Varies by duration and quality
Audio / TTS	`10-30`	Per minute of audio generated
Music generation	`30-100`	Varies by duration (Suno AI)
Avatar / talking head	`50-200`	HeyGen, per minute of video
Poster / invitation	`15-40`	Includes AI layout + image gen
Presentation	`25-75`	Per slide (includes image gen)