Auth & Email Verification Endpoints
Authentication, registration, password management, and email verification endpoints.
Base Pathβ
/api/auth
Authenticationβ
Loginβ
POST /api/auth/login
Request Body:
{
"email": "user@example.com",
"password": "your-password"
}
Response 200 OK:
{
"user": { "id": "uuid", "email": "user@example.com", "name": "John" },
"token": "jwt-access-token",
"refresh_token": "jwt-refresh-token"
}
Registerβ
POST /api/auth/register
Request Body:
{
"user": {
"firstName": "John",
"lastName": "Doe",
"email": "john@example.com",
"password": "SecureP@ss123"
},
"password": "SecureP@ss123",
"confirmPassword": "SecureP@ss123"
}
Refresh Tokenβ
POST /api/auth/refresh-token
Request Body:
{
"refresh_token": "jwt-refresh-token"
}
Check Authβ
GET /api/auth/check
Authorization: Bearer {token}
Validates the current JWT token.
Password Managementβ
Request Password Resetβ
POST /api/auth/reset-password
Request Body:
{
"email": "user@example.com"
}
Change Passwordβ
POST /api/auth/change-password
Authorization: Bearer {token}
Request Body:
{
"currentPassword": "old-password",
"newPassword": "new-password",
"confirmPassword": "new-password"
}
Email Verificationβ
Send Verification Emailβ
POST /api/auth/email/verify/resend-verification-code
Authorization: Bearer {token}
Verify Emailβ
POST /api/auth/email/verify/code
Request Body:
{
"email": "user@example.com",
"code": 123456
}
Email Checkβ
Check Email Availabilityβ
POST /api/email-check/validate
Request Body:
{
"email": "check@example.com"
}
Email Resetβ
Request Email Changeβ
POST /api/email-reset/request-change
Authorization: Bearer {token}
Request Body:
{
"email": "new@example.com"
}
Verify Email Changeβ
POST /api/email-reset/verify
Authorization: Bearer {token}
Social Authβ
Google OAuthβ
GET /api/auth/google
GET /api/auth/google/callback
GitHub OAuthβ
GET /api/auth/github
GET /api/auth/github/callback
Microsoft OAuthβ
GET /api/auth/microsoft
GET /api/auth/microsoft/callback
Facebook OAuthβ
GET /api/auth/facebook
GET /api/auth/facebook/callback
Securityβ
- Passwords require minimum 8 characters, uppercase, lowercase, number, special character
- Failed login attempts are rate-limited
- JWT tokens have configurable expiration
- Refresh tokens are single-use
- Email verification codes expire after 10 minutes
Related Pagesβ
- JWT Authentication β JWT details
- Social Auth β OAuth providers
- Password Security β password policies