Log in to FinkiOpenDesk and use your JWT

After you have created your account — either as a student via email activation or as a general user via direct registration — you use POST /auth/login to obtain a JWT. That JWT goes into the Authorization: Bearer header of every call to a protected endpoint. This page walks through the login flow, shows how to wire up the token in both frontend and backend code, and covers the authenticated user-profile endpoints.

Log in

Call POST /auth/login

Send your email and password as JSON.

curl -X POST \
  https://finkiopendesk-be.onrender.com/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "YourPassword1!"
  }'

Request body:

Field	Type	Description
`email`	`string`	The email address you registered with
`password`	`string`	Your account password

Receive the JWT

A successful login returns 200 OK. The response body is the raw JWT string:

eyJhbGciOiJIUzI1NiJ9...

This token is valid for 24 hours. After it expires, call POST /auth/login again to get a fresh one.

Store and use the token

Include the token in the Authorization header of every request to a protected endpoint:

Authorization: Bearer <your_token>

See the Using the token section below for frontend and curl examples.

You cannot log in with a student account that has not been activated yet. Complete the email activation flow first — see Register as a student.

Using the token

curl
TypeScript (fetch)
TypeScript (axios)

Pass the token in the Authorization header on every protected request:

# Retrieve the authenticated user's profile
curl https://finkiopendesk-be.onrender.com/auth/user \
  -H "Authorization: Bearer <your_token>"

# Assign an academic program
curl -X POST \
  https://finkiopendesk-be.onrender.com/auth/user/program/CS \
  -H "Authorization: Bearer <your_token>"

# Remove the assigned program
curl -X DELETE \
  https://finkiopendesk-be.onrender.com/auth/user/program \
  -H "Authorization: Bearer <your_token>"

Store the token in localStorage after login, then read it back for each request:

// Login and store the token
async function login(email: string, password: string): Promise<void> {
  const res = await fetch(
    "https://finkiopendesk-be.onrender.com/auth/login",
    {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, password }),
    }
  );
  const token = await res.text();
  localStorage.setItem("token", token);
}

// Retrieve the authenticated user's profile
async function getUser() {
  const token = localStorage.getItem("token");
  const res = await fetch(
    "https://finkiopendesk-be.onrender.com/auth/user",
    {
      headers: { Authorization: `Bearer ${token}` },
    }
  );
  return res.json();
}

Use an axios interceptor so the token is attached automatically to every request — matching how the FinkiOpenDesk frontend works:

import axios from "axios";

const authprivate = axios.create({
  baseURL: "https://finkiopendesk-be.onrender.com/auth",
  headers: { "Content-Type": "application/json" },
});

// Attach the token to every request automatically
authprivate.interceptors.request.use((config) => {
  const token = localStorage.getItem("token");
  if (token) {
    config.headers.Authorization = `Bearer ${token}`;
  }
  return config;
});

// Usage — no manual header needed
const { data: user } = await authprivate.get("/user");

User-profile endpoints

All three endpoints below require a valid Authorization: Bearer <token> header.

GET /auth/user

Returns the profile of the currently authenticated user.

curl https://finkiopendesk-be.onrender.com/auth/user \
  -H "Authorization: Bearer <your_token>"

Response — example:

{
  "userId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "you@example.com",
  "student": true,
  "enabled": true,
  "selectedProgram": null
}

POST /auth/user/program/

Assigns an academic program to your account. The programId path parameter is the identifier of the program you want to select.

curl -X POST \
  https://finkiopendesk-be.onrender.com/auth/user/program/CS \
  -H "Authorization: Bearer <your_token>"

Returns 200 OK with an empty body on success.

DELETE /auth/user/program

Removes the currently assigned academic program from your account.

curl -X DELETE \
  https://finkiopendesk-be.onrender.com/auth/user/program \
  -H "Authorization: Bearer <your_token>"

Returns 200 OK with an empty body on success.

Token reference

Property	Value
Algorithm	HS256
Lifetime	24 hours
Subject claim (`sub`)	User UUID
Additional claims	`email`, `student` (boolean)
Transport	`Authorization: Bearer <token>` header

The FinkiOpenDesk frontend stores the JWT in localStorage under the key "token". If you are building a client application, this is a straightforward place to persist it, but consider your application’s security requirements before doing the same.

Error reference

Scenario	HTTP status
Missing or invalid token	`401 Unauthorized`
Expired token	`401 Unauthorized`
Wrong email or password	`500` (invalid credentials)
Account not activated (student)	`500` (user not activated)

Get Started

Core Features

Authentication

Deployment

Log in to FinkiOpenDesk and use your JWT

Log in

Using the token

User-profile endpoints

GET /auth/user

POST /auth/user/program/

DELETE /auth/user/program

Token reference

Error reference

Build docs developers (and LLMs) love

Get Started

Core Features

Authentication

Deployment

Documentation Index

​Log in

​Using the token

​User-profile endpoints

​GET /auth/user

​POST /auth/user/program/

​DELETE /auth/user/program

​Token reference

​Error reference

Build docs developers (and LLMs) love

Log in

Using the token

User-profile endpoints

GET /auth/user

POST /auth/user/program/

DELETE /auth/user/program

Token reference

Error reference