Auth & Email Verification Endpoints
Authentication, registration, password management, and email verification endpoints.
Base Path
/api/auth
Authentication
Login
POST /api/auth/login
Request Body:
{
"email": "user@example.com",
"password": "your-password"
}
Response 200 OK:
{
"user": { "id": "uuid", "email": "user@example.com", "name": "John" },
"token": "jwt-access-token",
"refresh_token": "jwt-refresh-token"
}
Register
POST /api/auth/register
Request Body:
{
"user": {
"firstName": "John",
"lastName": "Doe",
"email": "john@example.com",
"password": "SecureP@ss123"
},
"password": "SecureP@ss123",
"confirmPassword": "SecureP@ss123"
}
Refresh Token
POST /api/auth/refresh-token
Request Body:
{
"refresh_token": "jwt-refresh-token"
}
Check Auth
GET /api/auth/check
Authorization: Bearer {token}
Validates the current JWT token.
Password Management
Request Password Reset
POST /api/auth/reset-password
Request Body:
{
"email": "user@example.com"
}
Change Password
POST /api/auth/change-password
Authorization: Bearer {token}
Request Body:
{
"currentPassword": "old-password",
"newPassword": "new-password",
"confirmPassword": "new-password"
}
Email Verification
Send Verification Email
POST /api/auth/email/verify/resend-verification-code
Authorization: Bearer {token}
Verify Email
POST /api/auth/email/verify/code
Request Body:
{
"email": "user@example.com",
"code": 123456
}
Email Check
Check Email Availability
POST /api/email-check/validate
Request Body:
{
"email": "check@example.com"
}
Email Reset
Request Email Change
POST /api/email-reset/request-change
Authorization: Bearer {token}
Request Body:
{
"email": "new@example.com"
}
Verify Email Change
POST /api/email-reset/verify
Authorization: Bearer {token}
Social Auth
Google OAuth
GET /api/auth/google
GET /api/auth/google/callback
GitHub OAuth
GET /api/auth/github
GET /api/auth/github/callback
Microsoft OAuth
GET /api/auth/microsoft
GET /api/auth/microsoft/callback
Facebook OAuth
GET /api/auth/facebook
GET /api/auth/facebook/callback
Security
- Passwords require a minimum of 8 characters, including an uppercase letter, a lowercase letter, a number, and a special character
- Failed login attempts are rate-limited
- JWT tokens have configurable expiration
- Refresh tokens are single-use
- Email verification codes expire after 10 minutes
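An added sketch (not the project's code) of how a server could enforce three of the rules above: the password policy, single-use refresh tokens, and the 10-minute code expiry. It assumes an in-memory store and opaque random refresh tokens in place of JWTs; `TokenStore`, `passwordMeetsPolicy` and the other names are hypothetical.

```javascript
// Added illustration, not the project's code; every name below is hypothetical.
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // verification codes expire after 10 minutes

// Password rule from the list: 8+ chars with upper, lower, digit and special.
function passwordMeetsPolicy(pw) {
  return typeof pw === 'string' && pw.length >= 8 && /[A-Z]/.test(pw) &&
    /[a-z]/.test(pw) && /[0-9]/.test(pw) && /[^A-Za-z0-9]/.test(pw);
}

class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock so expiry can be tested
    this.refresh = new Map(); // sha256(token) -> userId; raw tokens are not stored
    this.codes = new Map();   // email -> { code, expiresAt }
  }
  static digest(token) {
    return crypto.createHash('sha256').update(String(token)).digest('hex');
  }
  issueRefresh(userId) {
    const token = crypto.randomBytes(32).toString('base64url'); // opaque stand-in for the JWT
    this.refresh.set(TokenStore.digest(token), userId);
    return token;
  }
  // Single use: the presented token is deleted before its replacement is issued.
  rotateRefresh(token) {
    const key = TokenStore.digest(token);
    const userId = this.refresh.get(key);
    if (userId === undefined) return null; // unknown, or already redeemed once
    this.refresh.delete(key);
    return { userId, refresh_token: this.issueRefresh(userId) };
  }
  issueCode(email) {
    const code = crypto.randomInt(100000, 1000000); // six digits, as in the sample body
    this.codes.set(email, { code, expiresAt: this.now() + CODE_TTL_MS });
    return code;
  }
  verifyCode(email, code) {
    const entry = this.codes.get(email);
    if (!entry) return false;
    if (this.now() >= entry.expiresAt) { this.codes.delete(email); return false; }
    const a = Buffer.from(String(entry.code)), b = Buffer.from(String(code));
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return false;
    this.codes.delete(email); // assumption: a code is consumed on success
    return true;
  }
}
```

A six-digit code has only one million possible values, so a production verifier would also bound the number of attempts per code; that limit is left out of this sketch.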
Related Pages
- JWT Authentication: JWT details
- Social Auth: OAuth providers
- Password Security: password policies