Login
curl --request POST \
--url https://api.example.com/api/auth/login \
--header 'Content-Type: application/json' \
--data '
{
"email": "<string>",
"password": "<string>"
}
'{
"400": {},
"401": {},
"message": "<string>",
"token": "<string>",
"user": {
"id": "<string>",
"email": "<string>",
"name": "<string>",
"role": "<string>",
"walletAddress": {}
}
}Authentication
Login
Authenticate a user with email and password
POST
/
api
/
auth
/
login
Login
curl --request POST \
--url https://api.example.com/api/auth/login \
--header 'Content-Type: application/json' \
--data '
{
"email": "<string>",
"password": "<string>"
}
'{
"400": {},
"401": {},
"message": "<string>",
"token": "<string>",
"user": {
"id": "<string>",
"email": "<string>",
"name": "<string>",
"role": "<string>",
"walletAddress": {}
}
}Documentation Index
Fetch the complete documentation index at: https://mintlify.com/GoodnessFx/GatePass/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Authenticate a user with their email and password. This endpoint validates credentials, generates new JWT tokens, and returns user information.Request Body
User’s email address. Must be a valid email format.
User’s password.
Response
Success message confirming login.
JWT access token valid for 15 minutes. Include this token in the
Authorization header as Bearer {token} for authenticated requests.Authentication Tokens
Access Token
- Type: JWT (JSON Web Token)
- Expiration: 15 minutes
- Payload: Contains
userId,email, androle - Usage: Include in
Authorization: Bearer {token}header
Refresh Token
- Type: JWT (JSON Web Token)
- Expiration: 7 days
- Storage: HttpOnly cookie named
refreshToken - Usage: Automatically sent with requests to refresh access token
Example Request
cURL
curl -X POST https://api.gatepass.com/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "SecurePass123"
}'
Example Response
{
"message": "Login successful",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJyb2xlIjoiVVNFUiIsImlhdCI6MTcwOTczNjAwMCwiZXhwIjoxNzA5NzM2OTAwfQ...",
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"name": "John Doe",
"role": "USER",
"walletAddress": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"
}
}
Error Responses
Invalid email format or missing password.
{
"error": "Invalid email format"
}
Invalid credentials (email or password is incorrect).
{
"error": "Invalid email or password"
}
Token Refresh
When the access token expires (after 15 minutes), use the refresh token to obtain a new access token:cURL
curl -X POST https://api.gatepass.com/api/auth/refresh-token \
-H "Cookie: refreshToken={refresh_token}"
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Using the Access Token
Include the access token in theAuthorization header for all authenticated requests:
cURL
curl -X GET https://api.gatepass.com/api/events \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Security Features
- Password Hashing: Passwords are hashed using bcrypt with 12 rounds
- Email Normalization: Email addresses are normalized before comparison
- HttpOnly Cookies: Refresh tokens stored in HttpOnly cookies prevent XSS attacks
- Secure Cookies: In production, cookies are only sent over HTTPS
- SameSite Protection: Cookies use
SameSite: strictto prevent CSRF attacks
Session Management
The refresh token is stored in the database and can be invalidated by:- Calling the
/api/auth/logoutendpoint - Token expiration (7 days)
- Manual token revocation
⌘I
Build docs developers (and LLMs) love
Assistant
Responses are generated using AI and may contain mistakes.