Skip to main content
POST /api/auth/login Validates a Cloudflare Turnstile token, checks the user’s credentials, and returns a signed JWT on success.

Request body

strNombreUsuario
string
required
Username of the account to authenticate.
strPwd
string
required
Plain-text password. Compared against the bcrypt hash stored in the database.
turnstileToken
string
required
Cloudflare Turnstile token obtained from the client-side widget. Verified against the Turnstile /siteverify endpoint before any credential check.

Response

success
boolean
required
true on a successful login.
token
string
required
Signed JWT. Expires in 8 hours. The payload contains id, idPerfil, and nombre.
user
object
required

Error responses

StatusMessageCause
400Fallo en la validación del captcha.Turnstile verification returned success: false.
401El usuario no existe o su estado es inactivo.No user found with that username, or idEstadoUsuario is false.
401Usuario o contraseña incorrectos.Password does not match the stored bcrypt hash.
Store the returned token in an auth_token cookie with maxAge set to 8 hours (28800 seconds) to match the JWT expiry.

Examples

curl --request POST \
  --url https://your-domain.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "strNombreUsuario": "admin",
    "strPwd": "secret123",
    "turnstileToken": "<turnstile-response-token>"
  }'

Success response

200
{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1,
    "nombre": "admin",
    "idPerfil": 1,
    "correo": "[email protected]",
    "celular": "555-1234",
    "imagenUrl": "https://res.cloudinary.com/demo/image/upload/usuarios_corp/sample.jpg"
  }
}

Build docs developers (and LLMs) love

Get started for freeTalk to us