Authenticate an existing, verified account and receive a signed JSON Web Token (JWT). Include this token in the Authorization header of every request that requires authentication:
Authorization: Bearer <token>
The token payload contains id, username, and role. Token lifetime is 7 days for regular users and 6 hours for accounts with the admin or referee role.
Store the JWT securely — for example, in memory or a secure HTTP-only cookie. Include it in the Authorization: Bearer header on every authenticated request. Do not store it in localStorage if your threat model includes XSS attacks.

Rate limiting

This endpoint is protected by authLimiter: 10 requests per 15 minutes per IP address. Exceeding this limit returns a 429 response.

Request body

username (string, required)
The account username or email address. Lookup is case- and accent-insensitive, so Futbolísta, futbolista, and [email protected] all resolve to the same account.

password (string, required)
The account password.

Response

200 — Authentication successful

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

token (string)
Signed JWT token. Expires in 7 days for user accounts, or 6 hours for admin and referee accounts.

Error responses

| Status | Condition |
| --- | --- |
| 400 | username or password field is missing from the request body. |
| 401 | The credentials are incorrect (invalid username/email or wrong password). |
| 403 | The account is inactive or the email address has not been verified. |
| 429 | Rate limit exceeded (10 requests per 15 minutes per IP). |
| 500 | Internal server error during authentication or token generation. |

403 — Unverified account

When the account exists but the email has not been verified, the response body includes a not_verified flag:
{
  "message": "Por favor, revisa tu bandeja de entrada y verifica tu correo electrónico antes de iniciar sesión.",
  "not_verified": true
}
Use this flag in your client to show a targeted prompt directing the user to check their inbox or resend the verification email.

Examples

Authenticate

cURL
curl --request POST \
  --url https://api.example.com/login \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "futbolista",
    "password": "securePassword123"
  }'

Use the token in a subsequent request

cURL
curl --request GET \
  --url https://api.example.com/users/profile \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
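
Client-side handling of the responses documented above, as an added example that is not part of the original documentation or the project's own code. It keeps the token in memory only, maps each documented status to one client action, and stops sending the token once it has expired. The action names, the session variable, the optional exp claim, the Retry-After value and the sample token are assumptions made for illustration.

```javascript
// Documented lifetimes: 6 hours for admin/referee, 7 days for other users.
const HOUR = 3600 * 1000;
const lifetimeMs = (role) => (role === 'admin' || role === 'referee' ? 6 * HOUR : 7 * 24 * HOUR);

let session = null; // held in memory only; never written to localStorage

// Reads the payload for UI and expiry decisions. The signature is NOT verified here:
// the client does not hold the signing key, so the server stays the authority.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  return JSON.parse(new TextDecoder().decode(Uint8Array.from(bin, (c) => c.charCodeAt(0))));
}

// Maps each documented status to one client action. retryAfterSec is the value of a
// Retry-After header if the server sends one (assumption; the page does not say).
function handleLoginResponse(status, body, nowMs, retryAfterSec) {
  switch (status) {
    case 200: {
      const claims = decodeClaims(body.token);
      // Assumption: use a standard `exp` claim (seconds) if present, else the documented lifetime.
      const expiresAt = typeof claims.exp === 'number' ? claims.exp * 1000 : nowMs + lifetimeMs(claims.role);
      session = { token: body.token, claims, expiresAt };
      return { action: 'authenticated', role: claims.role, expiresAt };
    }
    case 400: return { action: 'fix_input' };
    case 401: return { action: 'retry_credentials' }; // do not guess which field was wrong
    case 403: return { action: body && body.not_verified === true ? 'prompt_verify_email' : 'account_inactive' };
    case 429: return { action: 'back_off', waitMs: (retryAfterSec || 15 * 60) * 1000 }; // 15-minute window
    default: return { action: 'server_error' };
  }
}

// Returns the header for authenticated requests, or null once the token has expired.
function authHeader(nowMs) {
  if (!session || nowMs >= session.expiresAt) { session = null; return null; }
  return { Authorization: `Bearer ${session.token}` };
}

// Constructed sample token (placeholder signature), so the example runs offline.
const SAMPLE_TOKEN = ['{"alg":"HS256","typ":"JWT"}', '{"id":7,"username":"futbolista","role":"referee"}']
  .map((s) => btoa(s).replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_')).join('.') + '.sig';
```

A caller passes the HTTP status, the parsed JSON body and the current time in milliseconds, then acts on the returned action.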
