Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Daniel-Stojanovski/finkiopendesk/llms.txt

Use this file to discover all available pages before exploring further.

FinkiOpenDesk uses JWT-based authentication for all protected API calls. There are two registration paths depending on who you are: FCSE students register with their institutional email and activate their account through a verification link, while general users register directly with any email and a password. Both paths produce a JWT that you include as a Bearer token in subsequent requests.

Auth flows at a glance

FinkiOpenDesk supports two distinct registration flows:
  • Student registration — requires an @students.finki.ukim.mk email address. The account starts inactive; the user receives an activation email and must set a password before they can log in.
  • General user registration — any email address that is not a student address. The account is active immediately after POST /auth/users/create and a JWT is returned directly.
Once registered, all users log in through the same POST /auth/login endpoint.

Public vs. authenticated endpoints

The table below summarises which routes are open and which require a valid JWT.
EndpointMethodAuth required
/auth/students/createPOSTNo
/auth/students/activatePOSTNo
/auth/users/createPOSTNo
/auth/loginPOSTNo
/api/**AnyNo
/auth/userGETYes
/auth/user/program/{programId}POSTYes
/auth/user/programDELETEYes
All other routesAnyYes

Using your JWT in API requests

After logging in or activating your account, you receive a JWT as a plain string in the response body. Include it in every authenticated request using the Authorization header: 
Authorization: Bearer <your_token>
Example with curl: 
curl https://finkiopendesk-be.onrender.com/auth/user \
  -H "Authorization: Bearer <your_token>"

Token types

The API uses two separate JWT types internally. From your perspective as a caller:
TokenPurposeLifetime
Activation tokenSent inside the activation email link; passed to POST /auth/students/activate30 minutes
Login tokenReturned by /auth/login, /auth/users/create, and /auth/students/activate; used in the Authorization header24 hours
Activation tokens are single-use and expire after 30 minutes. If yours expires before you set a password, you must restart the registration process.

Next steps

Register as a student

Step-by-step walkthrough of the email activation flow for FCSE students.

Log in and manage tokens

How to log in, store your JWT, and call authenticated endpoints.

Build docs developers (and LLMs) love

Get started for freeTalk to us