The Authentication API provides a single login endpoint that validates a user’s email and password against hashed credentials stored in the database. On success it returns a signed JSON Web Token (JWT) and the full user profile. Every other protected endpoint in the SS Restaurant API requires this token in the Authorization header.
POST /api/auth/login
Authenticate a user and receive a JWT. No prior authentication is required to call this endpoint.
Request body
email: The registered email address of the user.
password: The user’s plain-text password. It is compared against the stored bcrypt hash server-side.
Response fields
A signed HS256 JWT. Valid for 8 hours from the moment of issue. Pass this value in the Authorization: Bearer <token> header on all protected requests.
The authenticated user’s profile.
Audit logging
Every successful login is recorded in the system audit log. The server calls logAudit with the action LOGIN against the usuarios table, capturing the user ID, email, and client IP address. Failed login attempts are not logged.
Error responses
| Status | Condition |
|---|---|
| 400 Bad Request | email or password field is missing from the request body. |
| 401 Unauthorized | User not found for the given email address. |
| 401 Unauthorized | Password does not match the stored hash. |
| 401 Unauthorized | User account exists but activo is false. |
| 500 Internal Server Error | Unexpected server-side error. |
Example request
Example response
Using the token
Include the token in the Authorization header of every request to a protected endpoint. Tokens expire after 8 hours; your client must re-authenticate after expiry.
The token payload carries the claims id, email, and rol. Role-based middleware on protected routes reads these claims directly; no additional lookup is needed for basic authorization.
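The checks a verifier for the token described above has to make, as an added example that is not code from the SS Restaurant project: the algorithm is pinned to HS256, the signature is compared in constant time, exp is enforced, and the rol claim drives the authorization decision. The secret, the function names and the role values are assumptions made for the example.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto.
// SECRET, the function names and the role values are assumptions, not project code.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: a real key comes from server config
const EIGHT_HOURS = 8 * 60 * 60;          // token lifetime stated on the page

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const decode = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue a token carrying the id, email and rol claims.
function signToken(user, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    id: user.id, email: user.email, rol: user.rol, iat: now, exp: now + EIGHT_HOURS,
  }));
  return `${header}.${payload}.${b64url(mac(`${header}.${payload}`))}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (decode(header).alg !== "HS256") return null;
    const expected = mac(`${header}.${payload}`);
    const given = Buffer.from(sig, "base64url");
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = decode(payload);
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Authorization decision from the Authorization header value and the rol claim.
function authorize(authHeader, allowedRoles, now) {
  const m = /^Bearer (\S+)$/.exec(authHeader || "");
  const claims = m && verifyToken(m[1], now);
  return Boolean(claims && allowedRoles.includes(claims.rol));
}
```

A verifier that relies on the claims alone, as this one does, keeps honoring the rol value in a token until its exp, up to 8 hours after issue.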