Endpoint
POST /login
Request Body
- email: User’s email address registered in the system
- password: User’s password (verified against the stored bcrypt hash)
Response
Success Response
Success message: “Autenticación correcta”
JWT access token valid for 1 hour. Use this token in the Authorization header for subsequent authenticated requests.
Error Responses
Error message describing the authentication failure
| Status Code | Message | Description |
|---|---|---|
| 200 | Autenticación correcta | Login successful, token provided |
| 401 | No existe usuario | Invalid password provided |
| 401 | Autenticación incorrecta | User not found or database error |
Authentication Flow
- The API receives email and password credentials
- Queries the database for the user by email
- Compares the provided password with the stored bcrypt hash
- If valid, generates a JWT token with 1-hour expiration
- Returns the token for use in authenticated requests
Code Examples
Response Examples
Successful Login
Failed Login - Invalid Password
Failed Login - User Not Found
Token Usage
The returned JWT token must be included in the Authorization header for all secured endpoints:
- Token expiration: 1 hour from issuance
- Header format: Authorization: <token>
- Secured endpoints are prefixed with /secured in the API
- Invalid or expired tokens will return a 401 status with message “Token_invalido”
- Missing authorization header will return 401 with message “Sin autorización”
Security Notes
- Passwords are verified using bcrypt hashing
- JWT tokens are signed with a secret key stored in environment variables
- Tokens include user email and expire after 1 hour
- Always use HTTPS in production to protect credentials in transit