The Auth API handles the full identity lifecycle for AutoPart Pro users. It exposes endpoints to register a new account, exchange credentials for a signed JWT, retrieve the authenticated user’s profile from the database, and rehydrate client-side auth state on page load. All tokens are signed withDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/JFKoryy/autopart-pro/llms.txt
Use this file to discover all available pages before exploring further.
jsonwebtoken and expire after one hour — include the token in an Authorization: Bearer <token> header on all protected requests.
POST /api/auth/register
Creates a new user account. The password is hashed withbcryptjs (salt rounds: 10) before being stored. The default role assigned to every new account is client. On success the endpoint returns a signed JWT so the user can begin making authenticated requests immediately without a separate login step.
Email addresses are stored with a unique constraint in MySQL. Attempting to register with an already-used address returns a
400 before any password hashing occurs.Request body
The user’s display name.
A valid email address. Must be unique across all accounts.
Plain-text password. The API hashes it with bcrypt before persisting — never store or log raw passwords on the client.
Example request
Responses
Human-readable confirmation:
"¡Usuario registrado con éxito! Ya puedes iniciar sesión."Signed JWT valid for 1 hour. Pass this in all subsequent
Authorization: Bearer headers.POST /api/auth/login
Validates an email and password against the stored bcrypt hash and, on success, returns a fresh signed JWT along with the user’s full role. Use this token in theAuthorization header for all protected endpoints.
Request body
The registered email address for the account.
The account’s plain-text password. Compared against the stored bcrypt hash server-side.
Example request
Responses
Confirmation string:
"¡Inicio de sesión exitoso!"Signed JWT containing
id and role claims. Valid for 1 hour.GET /api/auth/profile
Returns the authenticated user’s stored profile data — id, name, email, and account creation timestamp — fetched directly from theusers table. The password column is never included in the response. This endpoint is useful for displaying account details in a profile page.
This endpoint requires a valid
Authorization: Bearer <token> header. The user ID is extracted from the decoded JWT payload by the protect middleware and used to query the database.Example request
Responses
GET /api/auth/me
A lightweight identity-check endpoint used primarily by the React frontend to rehydrate auth state when the page loads or the app is refreshed. The middleware decodes the stored JWT, the route handler looks up the user by ID, and the full user object (id, name, email, role) is returned. Unlike/profile, this response includes the role field, which the frontend uses to gate admin-only UI sections.
Example request
Responses
true when the user is found and the token is valid.