Overview

The Soft-Bee Authentication API provides secure user authentication and authorization using JWT (JSON Web Tokens). The API follows Clean Architecture and Domain-Driven Design principles.

Base URL

/api/v1/auth

Authentication Flow

  1. Register - Create a new user account
  2. Login - Authenticate and receive access/refresh tokens
  3. Refresh Token - Get a new access token using refresh token (under development)
  4. Logout - Invalidate refresh token and end session (under development)

Token Types

Access Token

  • Short-lived token for API requests
  • Default expiration: 15 minutes (900 seconds)
  • Extended expiration with remember_me: 24 hours (86400 seconds)
  • Include in requests: Authorization: Bearer {access_token}

Refresh Token

  • Long-lived token for obtaining new access tokens
  • Default expiration: 7 days (604800 seconds)
  • Extended expiration with remember_me: 30 days (2592000 seconds)
  • Store securely on client side
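The two token lifetimes above, the remember_me extension and the Authorization: Bearer header are enough to show how a verifier should treat these tokens. The following is an added example written for this page, not Soft-Bee's own code: it mints and checks HS256 JWTs with the documented expirations using only the Python standard library. The secret, the "type" claim used to keep access and refresh tokens from being swapped, and the claim names are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Lifetimes in seconds, as documented for the Soft-Bee API.
ACCESS_TTL = 900
ACCESS_TTL_REMEMBER = 86400
REFRESH_TTL = 604800
REFRESH_TTL_REMEMBER = 2592000

# Constructed demo secret; a real deployment loads this from configuration, never source.
SECRET = b"demo-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, kind: str, remember_me: bool = False,
                now: Optional[int] = None) -> str:
    """Mint an HS256 JWT; kind is 'access' or 'refresh' (assumed 'type' claim)."""
    now = int(time.time()) if now is None else now
    ttl = {
        ("access", False): ACCESS_TTL,
        ("access", True): ACCESS_TTL_REMEMBER,
        ("refresh", False): REFRESH_TTL,
        ("refresh", True): REFRESH_TTL_REMEMBER,
    }[(kind, remember_me)]
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "type": kind, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, expected_kind: str, now: Optional[int] = None) -> dict:
    """Return the payload if alg, signature, type and expiry all check out; else raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never trust the header to choose it (rejects "none" and confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p))
    # A refresh token must not be accepted where an access token is expected.
    if payload.get("type") != expected_kind:
        raise ValueError("wrong token type")
    if now >= int(payload["exp"]):
        raise ValueError("token expired")
    return payload


def bearer_token(headers: dict) -> Optional[str]:
    """Extract the token from an 'Authorization: Bearer {access_token}' header."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()
```

Signature and expiry are checked before any claim is used, and the check is done against a fixed clock value in tests so the 900-second boundary is exercised exactly.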

Available Endpoints

Production Ready

Register User

Create a new user account

Login

Authenticate and get tokens

Under Development

Refresh Token

Get new access token (coming soon)

Logout

End user session (coming soon)

Health Check

GET /api/v1/auth/health
Returns the health status of the authentication service and lists available endpoints. Response:
{
  "status": "healthy",
  "feature": "auth",
  "version": "1.0.0",
  "endpoints": [
    "/api/v1/auth/login",
    "/api/v1/auth/register"
  ]
}

Security Features

Password Requirements

  • Minimum 8 characters
  • Must contain uppercase letter
  • Must contain lowercase letter
  • Must contain number
  • Must contain special character

Username Requirements

  • 3-50 characters
  • Only letters, numbers, and underscores
  • Must be unique
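The password and username rules above are simple to state but easy to get subtly wrong (a check that stops at the first failure hides the other problems from the user, and a regex that forgets anchors accepts junk). Here is an added example, not the project's own code, that implements both rule sets as validators returning every violated rule. It assumes "special character" means any non-alphanumeric character and that uniqueness is an exact match against the set of taken usernames; both are assumptions for the example.

```python
import re
from typing import Iterable, List

# Username: 3-50 characters, letters, digits and underscores only (anchored on both ends).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,50}$")

# Assumption: a "special character" is anything that is not a letter or digit.
SPECIAL_RE = re.compile(r"[^A-Za-z0-9]")


def password_problems(password: str) -> List[str]:
    """Return the list of documented password rules the value violates (empty means OK)."""
    problems = []
    if len(password) < 8:
        problems.append("minimum 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("must contain uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("must contain lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("must contain number")
    if not SPECIAL_RE.search(password):
        problems.append("must contain special character")
    return problems


def username_problems(username: str, taken: Iterable[str]) -> List[str]:
    """Return the documented username rules the value violates (empty means OK)."""
    problems = []
    if not 3 <= len(username) <= 50:
        problems.append("3-50 characters")
    if re.search(r"[^A-Za-z0-9_]", username):
        problems.append("only letters, numbers, and underscores")
    # Assumption: uniqueness is an exact-string comparison with existing usernames.
    if username in set(taken):
        problems.append("must be unique")
    return problems


def is_valid_username(username: str, taken: Iterable[str]) -> bool:
    """Single-regex form of the format rules plus the uniqueness check."""
    return bool(USERNAME_RE.match(username)) and username not in set(taken)
```

Returning the full list rather than a boolean lets the 400 validation response (see Error Responses) tell the client everything that needs fixing in one round trip.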

Account Security

  • Failed login attempt tracking
  • Account lockout after multiple failed attempts
  • Email verification system
  • Secure password hashing
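The page lists failed-attempt tracking, lockout and secure password hashing without giving the thresholds or the algorithm, so the following added example (written for this page, not Soft-Bee's implementation) shows one way the three fit together: PBKDF2-SHA256 hashes with a per-user salt and a constant-time comparison, plus a lockout that also stops hashing work while an account is locked. The threshold of 5 attempts, the 900-second lockout and the iteration count are assumptions for the example, as is the hash string format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Assumed policy: the docs say "multiple failed attempts" without a number.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 900
# Assumed work factor for PBKDF2-SHA256.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (format assumed for the example)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


@dataclass
class Account:
    username: str
    password_hash: str
    failed_attempts: int = 0
    locked_until: Optional[int] = None   # Unix time; None when not locked


def attempt_login(account: Account, password: str, now: int) -> str:
    """Return 'ok', 'invalid' or 'locked'; updates the account's counters in place."""
    if account.locked_until is not None:
        if now < account.locked_until:
            # Locked: do not even evaluate the password, so the lockout also caps hashing work.
            return "locked"
        # Lock has expired; start counting afresh.
        account.locked_until = None
        account.failed_attempts = 0

    if check_password(password, account.password_hash):
        account.failed_attempts = 0
        return "ok"

    account.failed_attempts += 1
    if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
        account.locked_until = now + LOCKOUT_SECONDS
        return "locked"
    return "invalid"
```

The login endpoint should map both "invalid" and "locked" to the same 401 body from the Error Responses section so a caller cannot tell whether a username exists, while the distinction is logged server-side for detection.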

Error Responses

All endpoints return consistent error responses:
{
  "error": "Error message description"
}

Common HTTP Status Codes

Code   Description
200    Success
201    Created (registration)
400    Bad Request (validation error)
401    Unauthorized (invalid credentials or token)
404    Not Found
500    Internal Server Error

Rate Limiting

Rate limiting implementation may vary per deployment. Contact your administrator for specific limits.

Next Steps

Quick Start

Get started with the API

Authentication Guide

Learn authentication best practices