## Resource: Introduction

## Article: Introduction

## Article Link: https://dev.wix.com/docs/api-reference/business-management/headless/authentication/introduction.md

## Article Content:

# About the Authentication API

The Wix Authentication API enables you to implement custom member registration and login for [headless projects](https://dev.wix.com/docs/go-headless.md). Use this API to manage user authentication, while ensuring secure access.

With the Wix Authentication API, you can:

- Register new members and manage their authentication tokens.
- Log in existing members and maintain their session tokens for secure access.
- Authenticate members without passwords using Sign On, which automatically handles account creation when needed.
- Manage member passwords for authenticated users.
- Handle secure logout flows with optional redirects.

After successful authentication, use the returned `sessionToken` to [get the site member's access and refresh tokens](https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/authentication/members/custom-login-page/custom-login/custom-login-using-the-rest-api.md) for ongoing API access.

> **Note:** You can use the [Redirects API](https://dev.wix.com/docs/api-reference/business-management/headless/redirects/introduction.md) to let Wix handle authentication if you prefer a managed solution.

## Session token management

After successful authentication, you receive a `sessionToken` that serves as proof of authentication:

1. **Getting access tokens**: Use the session token to obtain access and refresh tokens for API calls, or convert it to a session cookie, which acts as a refresh token.
2. **Token lifecycle**: Session tokens have limited lifespans - implement refresh logic.

## Before you begin

It's important to note the following points before starting to code:

- The Authentication API requires proper CAPTCHA handling for security - implement CAPTCHA tokens where indicated.
- Session tokens are temporary - implement proper token refresh mechanisms.
- Password requirements are site-specific - validate requirements on the frontend for better user experience.
- Multi-factor authentication isn't currently supported.

## Use cases

- [Authenticate an existing member with email and password](https://dev.wix.com/docs/api-reference/business-management/headless/authentication/sample-flows.md).
- [Authenticate a member with Sign On (server-to-server)](https://dev.wix.com/docs/api-reference/business-management/headless/authentication/sample-flows.md).
- [Change a member's password](https://dev.wix.com/docs/api-reference/business-management/headless/authentication/sample-flows.md).
- [Log out a member](https://dev.wix.com/docs/api-reference/business-management/headless/authentication/sample-flows.md).

## Terminology

- **Session token**: A temporary token proving successful authentication, used to obtain access and refresh tokens for API calls.
- **State token**: A token required to continue multi-step authentication flows, such as multi-factor authentication.
- **CAPTCHA token**: A token used to verify that the registration or login request is made by a human and not a bot.