Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/JFKoryy/autopart-pro/llms.txt

Use this file to discover all available pages before exploring further.

The Auth API handles the full identity lifecycle for AutoPart Pro users. It exposes endpoints to register a new account, exchange credentials for a signed JWT, retrieve the authenticated user’s profile from the database, and rehydrate client-side auth state on page load. All tokens are signed with jsonwebtoken and expire after one hour — include the token in an Authorization: Bearer <token> header on all protected requests.

POST /api/auth/register

Creates a new user account. The password is hashed with bcryptjs (salt rounds: 10) before being stored. The default role assigned to every new account is client. On success the endpoint returns a signed JWT so the user can begin making authenticated requests immediately without a separate login step.
Email addresses are stored with a unique constraint in MySQL. Attempting to register with an already-used address returns a 400 before any password hashing occurs.

Request body

name
string
required
The user’s display name.
email
string
required
A valid email address. Must be unique across all accounts.
password
string
required
Plain-text password. The API hashes it with bcrypt before persisting — never store or log raw passwords on the client.

Example request

curl -X POST https://api.autopartpro.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Carlos Mendoza",
    "email": "carlos.mendoza@example.com",
    "password": "SecurePass123!"
  }'

Responses

message
string
Human-readable confirmation: "¡Usuario registrado con éxito! Ya puedes iniciar sesión."
token
string
Signed JWT valid for 1 hour. Pass this in all subsequent Authorization: Bearer headers.
user
object
201 — Created
{
  "message": "¡Usuario registrado con éxito! Ya puedes iniciar sesión.",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NDIsInJvbGUiOiJjbGllbnQiLCJpYXQiOjE3MTA4NjQwMDAsImV4cCI6MTcxMDg2NzYwMH0.abc123",
  "user": {
    "id": 42,
    "name": "Carlos Mendoza",
    "email": "carlos.mendoza@example.com",
    "role": "user"
  }
}
400 — Missing fields
{
  "message": "Todos los campos son obligatorios."
}
400 — Duplicate email
{
  "message": "El correo electrónico ya está registrado."
}
500 — Server error
{
  "message": "Error interno del servidor."
}

POST /api/auth/login

Validates an email and password against the stored bcrypt hash and, on success, returns a fresh signed JWT along with the user’s full role. Use this token in the Authorization header for all protected endpoints.

Request body

email
string
required
The registered email address for the account.
password
string
required
The account’s plain-text password. Compared against the stored bcrypt hash server-side.

Example request

curl -X POST https://api.autopartpro.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "carlos.mendoza@example.com",
    "password": "SecurePass123!"
  }'

Responses

message
string
Confirmation string: "¡Inicio de sesión exitoso!"
token
string
Signed JWT containing id and role claims. Valid for 1 hour.
user
object
200 — OK
{
  "message": "¡Inicio de sesión exitoso!",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NDIsInJvbGUiOiJjbGllbnQiLCJpYXQiOjE3MTA4NjQwMDAsImV4cCI6MTcxMDg2NzYwMH0.xyz789",
  "user": {
    "id": 42,
    "name": "Carlos Mendoza",
    "email": "carlos.mendoza@example.com",
    "role": "client"
  }
}
400 — Missing fields
{
  "message": "Todos los campos son obligatorios."
}
400 — Invalid credentials
{
  "message": "Credenciales inválidas."
}
500 — Server error
{
  "message": "Error interno del servidor."
}

GET /api/auth/profile

Returns the authenticated user’s stored profile data — id, name, email, and account creation timestamp — fetched directly from the users table. The password column is never included in the response. This endpoint is useful for displaying account details in a profile page.
This endpoint requires a valid Authorization: Bearer <token> header. The user ID is extracted from the decoded JWT payload by the protect middleware and used to query the database.

Example request

curl -X GET https://api.autopartpro.com/api/auth/profile \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NDIsInJvbGUiOiJjbGllbnQiLCJpYXQiOjE3MTA4NjQwMDAsImV4cCI6MTcxMDg2NzYwMH0.xyz789"

Responses

user
object
200 — OK
{
  "user": {
    "id": 42,
    "name": "Carlos Mendoza",
    "email": "carlos.mendoza@example.com",
    "created_at": "2024-03-19T14:22:10.000Z"
  }
}
401 — No token provided
{
  "message": "No autorizado, no se proporcionó un token."
}
401 — Invalid or expired token
{
  "message": "Token no válido o expirado."
}
404 — User not found
{
  "message": "Usuario no encontrado."
}

GET /api/auth/me

A lightweight identity-check endpoint used primarily by the React frontend to rehydrate auth state when the page loads or the app is refreshed. The middleware decodes the stored JWT, the route handler looks up the user by ID, and the full user object (id, name, email, role) is returned. Unlike /profile, this response includes the role field, which the frontend uses to gate admin-only UI sections.
Call this endpoint on application boot after reading a stored token from localStorage. If it returns 200, restore the user session; if it returns 401 or 404, clear the token and redirect to login.

Example request

curl -X GET https://api.autopartpro.com/api/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NDIsInJvbGUiOiJjbGllbnQiLCJpYXQiOjE3MTA4NjQwMDAsImV4cCI6MTcxMDg2NzYwMH0.xyz789"

Responses

success
boolean
true when the user is found and the token is valid.
user
object
200 — OK
{
  "success": true,
  "user": {
    "id": 42,
    "name": "Carlos Mendoza",
    "email": "carlos.mendoza@example.com",
    "role": "client"
  }
}
401 — No token provided
{
  "message": "No autorizado, no se proporcionó un token."
}
401 — Invalid or expired token
{
  "message": "Token no válido o expirado."
}
404 — User not found
{
  "success": false,
  "message": "Usuario no encontrado"
}

Build docs developers (and LLMs) love