Authentication Endpoints
Complete reference for the authentication API endpoints.
Loginβ
Email/Password Loginβ
POST /api/auth/login
Content-Type: application/json
Request Body:
{
"email": "admin@ever.co",
"password": "admin"
}
Response (200 OK):
{
"user": {
"id": "...",
"email": "admin@ever.co",
"firstName": "Admin",
"lastName": "User",
"tenantId": "...",
"role": {
"id": "...",
"name": "SUPER_ADMIN"
}
},
"token": "eyJhbGciOiJIUzI1NiIs...",
"refreshToken": "eyJhbGciOiJIUzI1NiIs..."
}
Magic Sign-In (Passwordless)β
Step 1 β Request magic code:
POST /api/auth/send-magic-code
Content-Type: application/json
{
"email": "user@example.com",
"appMagicSignUrl": "https://app.gauzy.co/#/auth/magic-sign-in",
"appName": "Gauzy"
}
Step 2 β Verify magic code:
POST /api/auth/magic-sign-in
Content-Type: application/json
{
"email": "user@example.com",
"code": "123456"
}
Response: same format as email/password login.
Registrationβ
Public Registrationβ
POST /api/auth/register
Content-Type: application/json
{
"user": {
"firstName": "John",
"lastName": "Doe",
"email": "john@example.com"
},
"password": "securePassword123"
}
note
Public registration creates a user without a tenant. The user must then create a tenant via POST /api/tenant to complete onboarding.
Admin-Initiated Registrationβ
POST /api/auth/register
Authorization: Bearer {admin_token}
Content-Type: application/json
{
"user": {
"firstName": "Jane",
"lastName": "Smith",
"email": "jane@example.com",
"role": { "id": "role-uuid" },
"tenant": { "id": "tenant-uuid" }
},
"password": "securePassword123",
"organizationId": "org-uuid"
}
Token Managementβ
Refresh Tokenβ
POST /api/auth/refresh-token
Content-Type: application/json
{
"refreshToken": "eyJhbGciOiJIUzI1NiIs..."
}
Response (200 OK):
{
"token": "new-access-token...",
"refreshToken": "new-refresh-token..."
}
Password Managementβ
Request Password Resetβ
POST /api/auth/request-password
Content-Type: application/json
{
"email": "user@example.com"
}
Sends a password reset email with a reset link.
Reset Passwordβ
POST /api/auth/reset-password
Content-Type: application/json
{
"token": "reset-token-from-email",
"password": "newSecurePassword123",
"confirmPassword": "newSecurePassword123"
}
Change Password (Authenticated)β
POST /api/auth/change-password
Authorization: Bearer {token}
Content-Type: application/json
{
"currentPassword": "oldPassword",
"newPassword": "newPassword",
"confirmPassword": "newPassword"
}
Email Verificationβ
Send Verification Emailβ
POST /api/auth/email/verify/send-verification-code
Authorization: Bearer {token}
Confirm Emailβ
POST /api/auth/email/verify
Content-Type: application/json
{
"token": "verification-token",
"email": "user@example.com"
}
Social OAuthβ
Initiate OAuth Flowβ
Redirect the user to the provider's authorization URL:
| Provider | Endpoint |
|---|---|
GET /api/auth/google | |
| GitHub | GET /api/auth/github |
GET /api/auth/facebook | |
GET /api/auth/twitter | |
GET /api/auth/linkedin | |
| Microsoft | GET /api/auth/microsoft |
OAuth Callbackβ
After the user authorizes, the provider redirects to:
GET /api/auth/{provider}/callback?code={auth_code}
The server exchanges the code for tokens and returns a JWT:
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"refreshToken": "eyJhbGciOiJIUzI1NiIs...",
"user": { ... }
}
Current Userβ
Get Current User Profileβ
GET /api/user/me
Authorization: Bearer {token}
Response (200 OK):
{
"id": "...",
"email": "admin@ever.co",
"firstName": "Admin",
"lastName": "User",
"tenantId": "...",
"roleId": "...",
"role": {
"name": "SUPER_ADMIN",
"rolePermissions": [...]
},
"employee": { ... }
}
Error Responsesβ
| Status | Error | When |
|---|---|---|
400 | Bad Request | Invalid credentials format |
401 | Unauthorized | Wrong email/password, expired token |
403 | Forbidden | Account disabled, email not verified |
404 | Not Found | Email not registered |
429 | Too Many Requests | Rate limit exceeded |