Corpointa uses JSON Web Tokens (JWT) for stateless authentication. The flow is straightforward: post a user’s national ID (cedula) and password to POST /auth/login, receive a signed JWT in return, and include that token in the Authorization: Bearer header on every subsequent request. The frontend stores the token in a browser cookie and attaches it automatically via the Axios request interceptor, so you only need to handle the token explicitly when integrating from outside the browser client (e.g. a backend service, a CLI, or a testing tool).
Sign In
Send the user’s credentials to obtain a token.
POST /auth/login
TypeScript interfaces
The following interfaces are defined in src/features/auth/api/auth-api.ts and describe the exact shapes of the request body and the success response:
Request parameters
The user’s national identification number, e.g. "V-12345678".
The user’s plaintext password. Transmitted over HTTPS; hashed and compared server-side.
Response fields
A signed JWT. Include this value as Authorization: Bearer <token> on all subsequent requests.
The authenticated user’s profile.
curl example
Example response
Using the Token
Once you have the token, pass it in the Authorization header on every request that requires authentication. All endpoints except POST /auth/login and POST /auth/refresh-token require a valid token.
401 Unauthorized response.
Refresh Token
When the current JWT is close to expiry, request a new one without requiring the user to re-enter their credentials.
POST /auth/refresh-token
No request body is required. The backend identifies the session from the current token, which the Axios interceptor attaches automatically from the cookie when called from within the browser client.
Token Storage in the Frontend
The frontend manages the token lifecycle through a Zustand store (useAuthStore, defined in src/stores/auth-store.ts). The key behaviour:
- On login: auth.setAccessToken(token) is called with the token string. Internally, this serialises the token with JSON.stringify and writes it to a browser cookie named thisisjustarandomstring via the setCookie helper.
- On page load: The store initialises by reading and JSON-parsing the cookie, so the user remains authenticated across full-page refreshes without a new login.
- On every API request: The Axios interceptor in api-client.ts reads that same cookie, URI-decodes it, JSON-parses it, and injects the token as the Authorization: Bearer header automatically, so no manual header management is needed in individual API calls.
- On logout: auth.reset() removes both the token cookie (thisisjustarandomstring) and the user data cookie (user_data), clearing the session completely.
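
The cookie decoding and refresh timing described above, as an added example that is not code from the Corpointa repository: it repeats the interceptor's decode steps for a caller outside the browser client and decides when to call POST /auth/refresh-token. The exp claim, the 60-second margin and all function names are assumptions.

```javascript
// Added example, not Corpointa's code. Cookie name and decode order come from
// the page; the exp claim and the 60-second margin are assumptions.
const TOKEN_COOKIE = 'thisisjustarandomstring';

// Extract one cookie value from a Cookie header or document.cookie string.
function readCookie(cookieHeader, name) {
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Same order as the interceptor: URI-decode, then JSON-parse. Anything that is
// not a compact three-part JWT is rejected so CR/LF or stray JSON never reaches a header.
function bearerFromCookie(cookieHeader) {
  const raw = readCookie(cookieHeader, TOKEN_COOKIE);
  if (raw === null) return null;
  let token;
  try { token = JSON.parse(decodeURIComponent(raw)); } catch { return null; }
  if (typeof token !== 'string' || !/^[\w-]+\.[\w-]+\.[\w-]+$/.test(token)) return null;
  return `Bearer ${token}`;
}

// Reads the payload WITHOUT verifying the signature: fine for scheduling a
// refresh on the client, never for an authorization decision.
function secondsUntilExpiry(token, nowSec) {
  try {
    const b64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    const claims = JSON.parse(atob(b64));
    return typeof claims.exp === 'number' ? claims.exp - nowSec : null;
  } catch {
    return null; // not a JWT, bad base64, or bad JSON
  }
}

// True when POST /auth/refresh-token should be called before the next request.
function shouldRefresh(token, nowSec, marginSec = 60) {
  const left = secondsUntilExpiry(token, nowSec);
  return left !== null && left <= marginSec;
}

// Constructed sample token (dummy signature segment) for trying the functions.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'V-12345678', exp })}.c2lnbmF0dXJl`;
}
```

A cookie that page JavaScript writes and reads cannot carry the HttpOnly flag, so any script running in the frontend's origin can read this token.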