The /auth/login endpoint validates a user’s email and BCrypt-hashed password, confirms that the account’s email has been verified, and returns a signed HS256 JWT. Include that token in the Authorization header of every subsequent request that requires authentication.
Endpoint
application/json
Request Body
The email address used when the account was registered.
The account’s plain-text password. The service compares it against the stored BCrypt hash using PasswordEncoder.matches().
Response Fields
A successful 200 OK response returns an AuthResponse object.
A signed HS256 JWT Bearer token. The token payload contains:
- sub: the user’s email address (used as the security principal throughout the platform).
- role: the user’s assigned role (USER or ADMIN).
- iat: issued-at timestamp.
- exp: expiration timestamp, exactly 24 hours after issuance.
Authorization header as Bearer <token> on all protected endpoints.
The internal auth-service primary key for the authenticated user.
Confirmation message. Returns "Login Exitoso" on success.
Example
Request
Response 200 OK
Using the Token
Once you receive the token, attach it to every authenticated request via the Authorization header:
The JWT subject (sub) is the user’s email address. Protected endpoints in the auth service, such as PATCH /auth/change-email and PATCH /auth/change-password, derive the current user’s identity directly from this claim via Authentication.getName(), not from any request body field.
Error Codes
| HTTP Status | Exception | Description |
|---|---|---|
| 400 Bad Request | UserNotFoundException | No account exists for the supplied email address. |
| 400 Bad Request | InvalidPasswordException | The password does not match the stored BCrypt hash. |
| 403 Forbidden | EmailNotVerifiedException | The account exists but the email address has not yet been verified. Complete the verification flow before logging in. |
| 500 Internal Server Error | Exception | An unexpected server-side error occurred. |
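
How a service holding the signing key could validate the token described under Response Fields, as an added example that is not the project's own code: it pins HS256, compares the signature in constant time, and enforces the exp, 24-hour lifetime, sub and role claims. The function names, secret and sample claims are constructed for illustration, and iat/exp are assumed to be Unix seconds as in RFC 7519.

```python
import base64, hashlib, hmac, json, time

TOKEN_LIFETIME = 24 * 60 * 60      # page: exp is exactly 24 hours after iat
ALLOWED_ROLES = ("USER", "ADMIN")  # roles named on the page

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header, claims, secret):
    """Build a compact JWT. Used here only to construct sample tokens."""
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    mac = hmac.new(secret, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify_login_token(token, secret, now=None):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm; never let the token pick it (rejects alg=none and swaps).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{claims_b64}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise ValueError("missing iat/exp")
    if exp - iat != TOKEN_LIFETIME:
        raise ValueError("unexpected lifetime")
    if (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    sub, role = claims.get("sub"), claims.get("role")
    if not isinstance(sub, str) or not sub or role not in ALLOWED_ROLES:
        raise ValueError("bad sub or role")
    return claims
```

The claim checks run only after the signature check, so nothing in an unauthenticated payload is trusted.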
