> ## Documentation Index
> Fetch the complete documentation index at: https://developers.partoo.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate

## Authenticate a User with the Connection Token

Most Partoo App views require an authenticated user. This is done using a short-lived, one-time **connection token** generated through the Partoo REST API.

### Authentication Flow

To authenticate a user:

1. Your backend requests a connection token from Partoo using the REST API.
2. You embed the token in the page rendered to your frontend.
3. Your frontend initializes the SDK and logs in the user using the token.

```javascript theme={null}
partooPage.login('your-connection-token');
```

This login call triggers the following:

* The SDK sends the connection token to the Partoo login endpoint.
* Partoo validates the token and returns a JWT.
* The user is considered authenticated until the JWT expires.

<Warning>
  Connection tokens are **single-use** and **short-lived**. You must implement a system to regenerate a new token whenever a user accesses a protected view after the previous token expires.
</Warning>

```mermaid theme={null}
sequenceDiagram
    participant Client
    participant YourServer as Your server
    participant Partoo as Partoo server

    Client->>YourServer: 1. Request Partoo page using JS SDK
    YourServer->>Partoo: 2. Generate connection token for user
    Partoo->>YourServer: 3. Return connection token
    YourServer->>Client: 4. Serve HTML with SDK and token
    Client->>Partoo: 5. partooPage.login('token')
    Partoo->>Client: 6. Return JWT to keep session active
```

<Tip>
  Design your backend to detect expired JWTs and automatically request new connection tokens before loading protected views.
</Tip>