Login User
curl --request POST \
  --url https://api.example.com/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'

Endpoint

POST /auth/login

Authentication

No authentication required. This is a public endpoint used to obtain authentication credentials.

Request Body

  • email (string, required): User’s email address. Must be a valid email format and must exist in the system.
  • password (string, required): User’s password. Must be at least 6 characters long and match the password associated with the email.

Request Example

{
  "email": "[email protected]",
  "password": "securePassword123"
}

curl -X POST https://api.clinicavitalis.com/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securePassword123"
  }'

Response

Success Response (200 OK)

{
  "name": "María",
  "surname": "González",
  "email": "[email protected]",
  "rol": "50yunUs3r",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIxIiwiaWF0IjoxNjE2MjM5MDIyfQ.4Adcj0bT_zNEvXHs6T8lRfXyXqL5L7X7FzYhQRZNaXk"
}

Store the JWT token securely on the client side. This token should be included in the Authorization header for subsequent authenticated requests.

Token Usage Example

curl -X GET https://api.clinicavitalis.com/api/protected-endpoint \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Error Responses

400 Bad Request - Validation Error

Returned when validation fails for any required field or format.
{
  "errors": [
    {
      "msg": "El email es obligatorio",
      "param": "email",
      "location": "body"
    }
  ]
}

400 Bad Request - Email Not Found

Returned when the provided email does not exist in the system.
{
  "msg": "No se encontró el email"
}

401 Unauthorized - Incorrect Password

Returned when the password does not match the email.
{
  "msg": "La contraseña es incorrecta"
}

500 Internal Server Error

{
  "msg": "Error en el servidor"
}

Validation Rules

The following validations are enforced by express-validator:
  • email: Required, must be a valid email format
  • password: Required, minimum length of 6 characters

Failed login attempts should be monitored and rate-limited in production environments to prevent brute-force attacks.

Response Fields

Field     Type     Description
name      string   User’s first name
surname   string   User’s last name
email     string   User’s email address
rol       string   User’s role (50yunUs3r for user, 50yun4dmin for admin)
token     string   JWT authentication token

Security Notes

  • Passwords are hashed using bcrypt before storage and comparison
  • JWT tokens are generated with the user’s ID and should be validated on protected endpoints
  • The token should be included in the Authorization header as a Bearer token for authenticated requests
