Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/FlasheyEstudi/Oasis-Liquido/llms.txt

Use this file to discover all available pages before exploring further.

Oasis Liquido authenticates every API request using JSON Web Tokens (JWT). After logging in, you receive a short-lived access_token in the response body. A refresh_token is simultaneously set as an httpOnly cookie by the server — it is not in the JSON response. Pass the access token as a Bearer header on all protected endpoints.

Register a new account

Send a POST request to /api/v1/auth/register with your user details. On success you receive the access_token in the response body; the refresh_token is set as an httpOnly cookie automatically.
email
string
required
Email address — must be unique across the platform
password
string
required
Password for the account
name
string
required
Full display name
phone
string
Optional phone number
role
string
One of: patient, doctor, receptionist, pharmacy_manager, delivery_driver. Defaults to patient.
curl -X POST http://localhost:8000/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"ana@example.com","password":"secret123","name":"Ana López","role":"patient"}'

{
  "success": true,
  "data": {
    "user": { "id": "clx...", "email": "ana@example.com", "name": "Ana López", "role": "patient" },
    "access_token": "eyJ..."
  }
}
The refresh_token is set as an httpOnly cookie by the server — it does not appear in the JSON response body. In browser environments it is sent automatically with subsequent requests.

Log in

curl -X POST http://localhost:8000/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"ana@example.com","password":"secret123"}'

Use the access token

Pass the access_token as a Bearer header on every protected request: 
curl http://localhost:8000/api/v1/appointments \
  -H "Authorization: Bearer eyJ..."

Refresh the token

When the access token expires, call /api/v1/auth/refresh. The refresh token is stored as an httpOnly cookie — no request body needed.
The refresh token is set automatically as an httpOnly cookie on login. Your HTTP client must send cookies for this endpoint to work.
curl -X POST http://localhost:8000/api/v1/auth/refresh --cookie "..."
Response: { "success": true, "data": { "access_token": "eyJ...", "refresh_token": "eyJ..." } }

Log out

curl -X POST http://localhost:8000/api/v1/auth/logout \
  -H "Authorization: Bearer eyJ..."

Error codes

StatusMeaning
401Missing or invalid access token
403Valid token but insufficient role permissions
409Email already registered

Build docs developers (and LLMs) love

Get started for freeTalk to us