> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication & security

> Reference the auth and security fields used across Lerian APIs — OAuth2 tokens, webhook signatures, scopes, and component health checks.

This page covers every field related to authentication flows, security checks, webhook signatures, and component health.

## 1. OAuth2 and authorization fields

***

| Field        | Description               | Used in            |
| ------------ | ------------------------- | ------------------ |
| accessToken  | JWT access token          | Auth, Pix          |
| refreshToken | Refresh token             | Auth               |
| idToken      | OpenID Connect ID token   | Auth               |
| tokenType    | Token type (Bearer)       | Auth, Pix          |
| expiresIn    | Expiration time (seconds) | Auth, Pix          |
| grantType    | OAuth2 grant type         | Auth               |
| clientId     | OAuth2 client ID          | Auth, Pix, Flowker |
| clientSecret | OAuth2 client secret      | Auth, Pix          |
| username     | Username                  | Auth, Identity     |
| password     | Password                  | Auth, Identity     |
| scope        | Requested scope           | Auth, Pix          |
| scopes       | Scopes list               | Flowker            |
| sub          | Subject identifier        | Auth               |
| aud          | Audience                  | Auth               |
| iss          | Issuer                    | Auth               |
| iat          | Issued at                 | Auth               |
| exp          | Expiration                | Auth               |
| nbf          | Not before                | Auth               |
| jti          | JWT ID                    | Auth               |
| active       | Token active flag         | Auth               |
| authorized   | Authorization result      | Auth               |
| resource     | Target resource           | Auth               |
| action       | Action on the resource    | Auth               |
| redirectUri  | OAuth redirect URI        | Flowker            |
| state        | OAuth opaque state        | Flowker            |

## 2. Webhooks and notifications

***

| Field                 | Description             | Used in |
| --------------------- | ----------------------- | ------- |
| X-Webhook-ID          | Webhook identifier      | Flowker |
| X-Webhook-Signature   | Webhook HMAC signature  | Flowker |
| idReqJdPi             | JD request identifier   | Pix     |
| pagador               | Pix payer               | Pix     |
| recebedor             | Pix receiver            | Pix     |
| valor                 | Pix value               | Pix     |
| dtHrOp                | Pix operation timestamp | Pix     |
| descricao             | Operation description   | Pix     |
| endToEndIdOriginal    | Original E2E ID         | Pix     |
| endToEndIdDevolucao   | Return E2E ID           | Pix     |
| codigoDevolucao       | Return reason code      | Pix     |
| motivoDevolucao       | Return reason           | Pix     |
| refundUrlNotification | Refund notification URL | Pix     |

## 3. Health and monitoring

***

| Field    | Description               | Used in               |
| -------- | ------------------------- | --------------------- |
| status   | General status            | Pix, JD Mock, Flowker |
| services | Dependent services status | Pix                   |
| database | Database status           | Pix                   |
| redis    | Redis status              | Pix                   |
| jd       | JD integration status     | Pix                   |
