Authentication API
Base URL
/api/auth
Endpoints
Public Endpoints
POST /login
Authenticate a user using email and password.
Request Body:
{
  "email": "string",
  "password": "string"
}
Response:
{
  "token": "string",
  "refresh_token": "string",
  "user": {
    "id": "string",
    "email": "string",
    "name": "string"
  }
}
POST /logout
Log out the current user and invalidate the token.
Headers:
Authorization: Bearer <token>
Response:
{
  "message": "Logout successful"
}
POST /refresh
Refresh the access token using a valid refresh token.
Request Body:
{
  "refresh_token": "string"
}
Response:
{
  "token": "string",
  "refresh_token": "string"
}
Protected Endpoints
GET /session
Get information about the currently active user session.
Headers:
Authorization: Bearer <token>
Response:
{
  "user": {
    "id": "string",
    "email": "string",
    "name": "string"
  },
  "session_id": "string"
}
GET /me
Get the profile of the currently authenticated user.
Headers:
Authorization: Bearer <token>
Response:
{
  "id": "string",
  "email": "string",
  "name": "string",
  "created_at": "datetime",
  "updated_at": "datetime"
}
Error Responses
401 Unauthorized
{
  "error": "Invalid credentials"
}
403 Forbidden
{
  "error": "Access denied"
}
500 Internal Server Error
{
  "error": "Internal server error"
}
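Added example, not part of this API reference: a Python client for the login / Bearer / refresh flow documented above, paired with a constructed in-memory stand-in for /api/auth so it runs offline. Endpoint paths, header and JSON field names are taken from this page; the names FakeAuthServer, AuthClient and transport, the sample user record and the token values are assumptions, and the fake models only /login, /refresh and /me.

```python
import secrets

class FakeAuthServer:
    # Constructed stand-in for /api/auth (not a real server); refresh tokens are single-use and rotated.
    def __init__(self):
        self.users = {"alice@example.com": ("correct horse", {"id": "u1", "email": "alice@example.com", "name": "Alice"})}
        self.access, self.refresh = {}, {}  # opaque token -> user record

    def _issue(self, user):
        t, r = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.access[t], self.refresh[r] = user, user
        return {"token": t, "refresh_token": r}

    def __call__(self, method, path, headers=None, body=None):
        headers, body = headers or {}, body or {}
        if (method, path) == ("POST", "/api/auth/login"):
            rec = self.users.get(body.get("email"))
            if rec is None or not secrets.compare_digest(rec[0], body.get("password", "")):
                return 401, {"error": "Invalid credentials"}
            return 200, {**self._issue(rec[1]), "user": rec[1]}
        if (method, path) == ("POST", "/api/auth/refresh"):
            user = self.refresh.pop(body.get("refresh_token"), None)  # pop: a replayed refresh token is rejected
            return (200, self._issue(user)) if user else (401, {"error": "Invalid credentials"})
        if (user := self.access.get(headers.get("Authorization", "").removeprefix("Bearer "))) is None:
            return 401, {"error": "Invalid credentials"}
        return (200, dict(user)) if (method, path) == ("GET", "/api/auth/me") else (403, {"error": "Access denied"})

class AuthClient:
    # Client side of the documented flow: Bearer header on protected calls; on a 401, one /refresh, then retry.
    def __init__(self, transport):
        self.transport, self.token, self.refresh_token = transport, None, None

    def login(self, email, password):
        status, data = self.transport("POST", "/api/auth/login", body={"email": email, "password": password})
        if status != 200:
            raise PermissionError(data["error"])
        self.token, self.refresh_token = data["token"], data["refresh_token"]
        return data["user"]

    def _refresh(self):
        status, data = self.transport("POST", "/api/auth/refresh", body={"refresh_token": self.refresh_token})
        # Keep the rotated pair on success; on failure drop both so the caller must log in again
        self.token, self.refresh_token = (data["token"], data["refresh_token"]) if status == 200 else (None, None)
        return status == 200

    def get(self, path):
        status, data = self.transport("GET", path, headers={"Authorization": f"Bearer {self.token}"})
        if status == 401 and self._refresh():  # access token expired or revoked: refresh once, then retry
            status, data = self.transport("GET", path, headers={"Authorization": f"Bearer {self.token}"})
        return status, data
```

The refresh token is treated as single-use on both sides: the fake discards it on /refresh and the client overwrites its copy with the rotated one, so a stale or leaked refresh token cannot be replayed.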