Authentication
Status: Current
Last reviewed: 2026-05-13
Use the login page to start a console session.
Sign In
Route: /login
- Enter a username.
- Enter the password.
- Click Sign In.
On success, the frontend stores:
nexus_token: JWT used as theAuthorization: Bearertoken.nexus_user: current user id, username, and role.
The console redirects to /dashboard.
Session Expiration
If an API call returns 401, the frontend removes nexus_token and redirects to /login.
Account Changes
The current user can update username and password from Settings. Changing username returns a new JWT and refreshes the stored user session.
Role Effects
The login response includes the account role. The backend enforces protected operations by role:
admin: all protected operations.operator: operational changes such as nodes, L3 tunnels, L4 chains, upstreams, and deployment.viewer: read-only access.