Authentication & Authorization

This section details the endpoints for user authentication and authorization.

Register

Endpoint: POST /auth/register

Description: Register a new user account.

Request Body:

{
    "full_name": "Lex Lee",
    "email": "lex.lee@example.com",
    "password": "strongpassword123"
}

Response: 201 Created

{
    "status": "success",
    "message": "User registered successfully",
    "data": {
        "user": {
            "id": "123e4567-e89b-12d3-a456-426614174000",
            "full_name": "Lex Lee",
            "email": "lex.lee@example.com"
        },
        "access_token": "<ACCESS_TOKEN>",
        "refresh_token": "<REFRESH_TOKEN>"
    }
}

Login

Endpoint: POST /auth/login

Description: Log in to an existing user account.

Request Body:

{
    "email": "lex.lee@example.com",
    "password": "strongpassword123"
}

Response: 200 OK

{
    "status": "success",
    "message": "Login successful",
    "data": {
        "access_token": "your_access_token",
        "refresh_token": "<REFRESH_TOKEN>"
    }
}

Apple Login

Endpoint: POST /apple/auth

Description: Authenticate with Apple.

Request Body:

{
    "identityToken": "apple_identity_token",
    "user": {
        "name": {
            "firstName": "Jane",
            "lastName": "Doe"
        },
        "email": "jane.doe@example.com"
    }
}

Response: 200 OK

{
    "status": "success",
    "message": "Apple authentication successful",
    "data": {
        "access_token": "<ACCESS_TOKEN>",
        "refresh_token": "<REFRESH_TOKEN>",
        "user": {
            "id": "user_uuid",
            "email": "jane.doe@example.com",
            "full_name": "Jane Doe",
            "first_name": "Jane",
            "last_name": "Doe"
        }
    }
}

Refresh Token

Endpoint: POST /auth/refresh

Description: Obtain a new access token using a refresh token.

Request Body:

{
    "refresh_token": "your_refresh_token"
}

Response: 200 OK

{
    "access_token": "<ACCESS_TOKEN>",
    "refresh_token": "<REFRESH_TOKEN>"
}
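
Added example (not part of the original documentation or the API's own code): a minimal Python client that keeps the token pair current across login and refresh. It shows that POST /auth/login nests the tokens under "data" while POST /auth/refresh returns them at the top level. The names AuthSession, transport and fake_transport, the sample token values, and the 401 error response are assumptions; the page does not document error responses or whether an old refresh token stays valid.

```python
import json
import urllib.request

class AuthSession:
    """Holds the token pair issued by POST /auth/login and POST /auth/refresh."""

    def __init__(self, base_url, transport=None):
        self.base_url = base_url.rstrip("/")
        self.transport = transport or self._http_post  # injectable for offline tests
        self.access_token = self.refresh_token = None

    def _http_post(self, path, body):
        # urlopen raises HTTPError for 4xx/5xx, so callers only see 2xx from here.
        req = urllib.request.Request(
            self.base_url + path, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)

    def _store(self, tokens):
        # Require both tokens so the session never keeps half of an old pair.
        if not tokens.get("access_token") or not tokens.get("refresh_token"):
            raise ValueError("response is missing access_token or refresh_token")
        self.access_token, self.refresh_token = tokens["access_token"], tokens["refresh_token"]

    def login(self, email, password):
        status, body = self.transport("/auth/login", {"email": email, "password": password})
        if status != 200 or body.get("status") != "success":
            raise PermissionError("login rejected")
        self._store(body["data"])  # login nests the tokens under "data"

    def refresh(self):
        if self.refresh_token is None:
            raise PermissionError("no refresh token; log in first")
        status, body = self.transport("/auth/refresh", {"refresh_token": self.refresh_token})
        if status != 200:
            self.access_token = self.refresh_token = None  # force a fresh login
            raise PermissionError("refresh rejected")
        self._store(body)  # refresh returns the tokens at the top level

def fake_transport(path, body):
    """Constructed stand-in server replaying the response shapes documented above."""
    if path == "/auth/login":
        return 200, {"status": "success", "message": "Login successful",
                     "data": {"access_token": "access-1", "refresh_token": "refresh-1"}}
    if path == "/auth/refresh" and body.get("refresh_token") == "refresh-1":
        return 200, {"access_token": "access-2", "refresh_token": "refresh-2"}
    return 401, {"message": "invalid refresh token"}  # assumed error shape
```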

Forgot Password

Endpoint: POST /auth/forgot-password

Description: Request a password reset OTP.

Request Body:

{
    "email": "lex.lee@example.com"
}

Response: 200 OK

{
    "message": "Password reset OTP sent to the user's email"
}

Reset Password

Endpoint: PATCH /auth/reset-password

Description: Reset the user's password using the OTP.

Request Body:

{
    "email": "lex.lee@example.com",
    "otp": "123456",
    "new_password": "new_strong_password"
}

Response: 200 OK

{
    "message": "Password has been reset successfully"
}

Resend Verification Email

Endpoint: POST /auth/resend-verification

Description: Resend the email verification link.

Request Body:

{
    "email": "lex.lee@example.com"
}

Response: 200 OK

{
    "message": "Verification email sent"
}

Verify Email

Endpoint: GET /auth/verify-email

Description: Verify a user's email address with the provided token.

Query Parameters:

- token (string): The verification token sent to the user's email.

Response: 200 OK

{
    "message": "Email verified successfully"
}

Verify OTP

Endpoint: POST /auth/verify-otp

Description: Verify the OTP sent to the user for actions like password reset.

Request Body:

{
    "email": "lex.lee@example.com",
    "otp": "123456"
}

Response: 200 OK

{
    "message": "OTP verified successfully"
}