TaskFlow Pro uses token-based authentication. Every request to a protected endpoint requires a valid access token obtained at login.
Creating an account
Go to /register and fill in the registration form with the following fields:
| Field | Required | Notes |
|---|---|---|
| Name | Yes | Cannot be blank |
| Email | Yes | Must be a valid email address; duplicates are rejected |
| Password | Yes | See password requirements below |
After a successful registration you are redirected to the login page. Accounts are created with the Developer role by default — an Admin must promote you if you need a different role.
Password requirements
Your password must meet all of the following rules:
- At least 8 characters long
- Contains at least one uppercase letter (A–Z)
- Contains at least one number (0–9)
If your email address is already registered, the API returns a 400 Bad Request error. Use a different email or contact your Admin.
Logging in
Go to /login and enter your email address and password. The form validates both fields before submitting.
On success you are redirected to /dashboard and your session is stored automatically.
What you receive after login
The API returns a JSON response containing your user profile and an access token:
```json
{
  "usuario": {
    "id": 42,
    "nombre": "Alice",
    "email": "alice@example.com",
    "rol": 1
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```
The frontend stores this token automatically. If you are integrating with the API directly, you must send it with every request.
Using your token in API requests
Include the access token in the Authorization header as a Bearer token:
```bash
curl https://api.taskflowpro.com/tareas \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```
Requests that are missing the header, or that carry an expired or invalid token, are rejected with 401 Unauthorized.
Token expiration
Access tokens expire after 30 minutes. Once your token expires, all API requests will return 401 Unauthorized.
When your token expires, log in again at /login to receive a new one. The application does not currently issue refresh tokens, so you will be signed out automatically after 30 minutes of inactivity.
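For direct API integrations, the following added example (not TaskFlow Pro's own code) shows one way to handle the 30-minute lifetime without refresh tokens: keep the token in memory, log in again shortly before it expires, and retry once on 401 Unauthorized. The `login` and `send` callables, the `SKEW_S` margin, and the token values in `demo()` are assumptions constructed for illustration.

```python
import time

TOKEN_LIFETIME_S = 30 * 60  # from the page: access tokens expire after 30 minutes
SKEW_S = 30                 # assumption: margin for clock drift and request latency

class TaskFlowSession:
    """Keeps one access token in memory and logs in again when it is stale."""
    def __init__(self, login, send, clock=time.monotonic):
        self._login = login  # hypothetical hook: () -> parsed login response (dict)
        self._send = send    # hypothetical hook: (path, headers) -> (status, body)
        self._clock = clock
        self._token, self._issued_at = None, 0.0

    def __repr__(self):      # keep the bearer token out of logs and tracebacks
        return f"<TaskFlowSession token={'set' if self._token else 'none'}>"

    def _fresh_token(self):
        now = self._clock()
        if self._token is None or now - self._issued_at >= TOKEN_LIFETIME_S - SKEW_S:
            self._token = self._login()["accessToken"]
            self._issued_at = now  # time taken before login, so age is never underestimated
        return self._token

    def get(self, path):
        for _ in range(2):   # at most one re-login per request, never a retry loop
            headers = {"Authorization": f"Bearer {self._fresh_token()}"}
            status, body = self._send(path, headers)
            if status != 401:
                return status, body
            self._token = None  # rejected (expired or invalid): discard it
        raise PermissionError("401 Unauthorized even after a fresh login")

def demo():
    """Constructed offline run against a fake server that enforces the expiry."""
    now, issued, logins = [0.0], {}, []
    def login():
        token = f"constructed-token-{len(logins) + 1}"
        logins.append(token)
        issued[token] = now[0]
        return {"usuario": {"id": 42, "rol": 1}, "accessToken": token}
    def send(path, headers):
        token = headers["Authorization"].split(" ", 1)[1]
        ok = token in issued and now[0] - issued[token] < TOKEN_LIFETIME_S
        return (200, "[]") if ok else (401, "")
    session = TaskFlowSession(login, send, clock=lambda: now[0])
    results = []
    for minute in (0, 10, 31):  # first call, reuse within lifetime, past expiry
        now[0] = minute * 60
        results.append(session.get("/tareas")[0])
    return results, len(logins), repr(session)
```

In a real client, `login` would post your credentials to the login endpoint and `send` would issue the HTTP request; a login failure such as a deactivated account should surface as an error rather than be retried.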
Account deactivation
If your account has been deactivated by an Admin, you will see the following error when attempting to log in:
Usuario desactivado, comunicate con el administrador
Contact your Admin to have your account reactivated. See User management for details on how Admins manage account status.