Exchanges a registered email and password for a signed JWT session. On success the server writes a token cookie directly to the browser — no client-side token storage is required. The cookie is HTTP-only and scoped to the root path, so it is automatically attached to every subsequent request made from the same origin.

Request

POST /api/auth/login
email (string, required)
The email address associated with the user’s account. Must exactly match a record in the database (case-sensitive).

password (string, required)
The user’s plain-text password. The server compares this against the stored bcrypt hash (10 rounds) using bcrypt.compare.

Response

200 — Success

Returns the authenticated user’s public profile and sets the token cookie.
ok (boolean)
Always true on a successful response.

usuario (object)
Public profile of the authenticated user.

The response also sets a Set-Cookie header with the following attributes: httpOnly: true, sameSite: lax, maxAge: 604800 (7 days), path: /. In production the secure flag is also added so the cookie is only sent over HTTPS.
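
The attributes listed above can be verified against the Set-Cookie header of a real login response. The following check is an added example, not code from the project: the function names and sample headers are constructed for illustration, and the cookie name token is taken from this page's description.

```javascript
// Added example: audits a Set-Cookie header against the attributes this page documents.
// Expected values come from the page; function names and sample headers are constructed.
const EXPECTED = { name: "token", path: "/", sameSite: "lax", maxAge: 604800 };

// Parse one Set-Cookie header value into { name, value, attrs } (attribute names lower-cased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1); // flag attributes become true
  }
  return {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? "" : pair.slice(eq + 1),
    attrs,
  };
}

// Return the list of deviations from the documented cookie policy (empty list = compliant).
function auditTokenCookie(header, { production }) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (name !== EXPECTED.name) findings.push(`unexpected cookie name: ${name}`);
  if (attrs.httponly !== true) findings.push("missing HttpOnly");
  if (String(attrs.samesite).toLowerCase() !== EXPECTED.sameSite) findings.push("SameSite is not Lax");
  if (Number(attrs["max-age"]) !== EXPECTED.maxAge) findings.push("Max-Age is not 604800");
  if (attrs.path !== EXPECTED.path) findings.push("Path is not /");
  if (production && attrs.secure !== true) findings.push("missing Secure in production");
  return findings;
}

// Constructed sample headers (the cookie value is a placeholder, not a real JWT).
const good = "token=PLACEHOLDER.JWT.VALUE; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Lax";
const weak = "token=PLACEHOLDER.JWT.VALUE; Max-Age=604800; Path=/; SameSite=Lax";

console.log(auditTokenCookie(good, { production: true }));
console.log(auditTokenCookie(weak, { production: true }));
```

Running the audit with production set to false skips the Secure check, matching the page's statement that the flag is only added in production.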

Error Responses

| Status | error value | Cause |
| --- | --- | --- |
| 400 | "Email y contraseña requeridos" | One or both of the required fields are missing from the request body. |
| 401 | "Credenciales inválidas" | No user found for that email, the account has activo = false, or the password does not match. |
| 500 | "Error interno del servidor" | An unexpected server-side error occurred. |

A 401 is returned for a missing user, an inactive account (activo = false), and a wrong password alike — all three cases return the same "Credenciales inválidas" message to avoid leaking whether an email address is registered or an account is active.

Examples

curl -X POST https://your-app.vercel.app/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "usuario@reservafacil.com", "password": "usuario123"}'

Success response body

{
  "ok": true,
  "usuario": {
    "id": "clx1a2b3c0000qwer1234abcd",
    "nombre": "Ana García",
    "email": "usuario@reservafacil.com",
    "rol": "USUARIO"
  }
}
