ECHO’s API uses stateless JWT Bearer token authentication. Every request to a protected endpoint must include a valid token in the Authorization header. Tokens are issued when you register a new account or log in with an existing one.

Registration

Create a new ECHO account by sending a POST request to /users/register.

Request fields

email (string, required): A valid email address. Must conform to standard email format (e.g., user@example.com).
username (string, required): A unique display name. Must be at least 3 characters long.
password (string, required): Account password. Validated server-side for minimum length and format requirements.

curl -X POST http://localhost:8084/users/register \
  -H "Content-Type: application/json" \
  -d '{"email":"artist@example.com","username":"myartist","password":"SecurePass123"}'

Response fields

On success, the API returns a 200 response with the created user object.

id (string, required): Unique identifier for the new user account.
email (string, required): The email address associated with the account.
username (string, required): The chosen display name for the account.

Registration does not return a JWT token. After registering, call /users/login with the same credentials to obtain a token.

Login

Authenticate an existing account and receive a JWT token.

Request fields

email (string, required): The email address used to register the account.
password (string, required): The account password.

curl -X POST http://localhost:8084/users/login \
  -H "Content-Type: application/json" \
  -d '{"email":"artist@example.com","password":"SecurePass123"}'

Response

On success, the API returns a 200 JSON object. Store the token securely — you will need it for all subsequent authenticated requests.

token (string, required): A signed JWT string used to authenticate requests. Include this value in the Authorization header as a Bearer token.
id (number, required): The authenticated user’s numeric ID.
email (string, required): The authenticated user’s email address.
username (string, required): The authenticated user’s display name.
roles (array, required): List of role names assigned to the user (e.g., ["USER"], ["ADMIN"]).
isActive (boolean, required): Whether the account is active.
avatarUrl (string): URL of the user’s avatar image, if set.

{
  "token": "eyJhbGciOiJIUzI1NiJ9...",
  "id": 42,
  "email": "artist@example.com",
  "username": "myartist",
  "roles": ["USER"],
  "isActive": true,
  "avatarUrl": null
}

Using the token

Include the token in the Authorization header on every request to a protected endpoint.
curl -X GET http://localhost:8084/orders \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..."
Tokens must be prefixed with Bearer (including the trailing space). Requests missing this header, or with an expired or invalid token, will receive a 403 response.
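
An added example (not part of ECHO's documentation or code base): a client-side check that reads the token's expiry before building the Authorization header, so an expired or malformed token triggers a new login instead of a 403. It assumes ECHO tokens carry the standard exp claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time
from typing import Optional

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(exp: int) -> str:
    # Constructed sample: invented claims and a fake signature, not a real ECHO token.
    claims = {"sub": "artist@example.com", "exp": exp}
    return ".".join([_b64url_encode({"alg": "HS256"}), _b64url_encode(claims), "c2FtcGxl"])

def decode_unverified(token: str):
    """Return (header, claims) WITHOUT checking the signature.

    The client does not hold the HS256 key, so this is only good for
    scheduling a re-login, never for trusting roles or identity."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected header.payload.signature")
    header, claims = (json.loads(_b64url_decode(p)) for p in parts[:2])
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("header and payload must be JSON objects")
    return header, claims

def needs_relogin(token: str, now: Optional[float] = None, skew: int = 30) -> bool:
    """True if the token is unreadable, lacks a numeric exp, or expires within skew seconds."""
    try:
        _, claims = decode_unverified(token)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return True
    exp = claims.get("exp")  # assumption: ECHO tokens carry the standard exp claim
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True
    return (time.time() if now is None else now) + skew >= exp

def auth_header(token: str, now: Optional[float] = None) -> dict:
    # Refuse locally instead of sending a token the API would answer with 403.
    if needs_relogin(token, now):
        raise PermissionError("token expired or unreadable: call /users/login again")
    return {"Authorization": "Bearer " + token}  # "Bearer", one space, then the token
```

The header and payload segments are only base64url-encoded, so anyone holding the token can read its claims; keep tokens out of logs and URLs.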

Error responses

| Status | Meaning | Common causes |
|--------|---------|---------------|
| 400 | Invalid input | Malformed email, username shorter than 3 characters, password fails validation |
| 401 | Wrong credentials | Incorrect email or password at login |
| 403 | Not authorized | Valid token but insufficient permissions (e.g., non-admin accessing an admin endpoint) |
