Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/TheSerchCp/SEAM-API/llms.txt

Use this file to discover all available pages before exploring further.

The POST /api/v1/auth/login endpoint authenticates a registered user by verifying their email and password against the stored bcrypt hash. On success it returns a signed JSON Web Token, the token’s expiry duration, the user object (without password), sidebar navigation items for the user’s role, and a flat list of URI permission strings the role can access. No authentication token is required to call this endpoint.

Endpoint

POST /api/v1/auth/login
Base URL: http://localhost:{PORT}/api/v1 Authentication: None required

Request Body

email
string
required
The email address the user registered with.
password
string
required
The user’s plain-text password. It is compared against the stored bcrypt hash using bcrypt.compare.

Example Request

curl -X POST http://localhost:3000/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane.doe@example.com",
    "password": "securePass123"
  }'

Responses

200 OK

Returned when credentials are valid. The response includes the JWT token, its expiry, the authenticated user, role-based sidebar items, and the full list of nameUri permission strings for the user’s role. 
{
  "success": true,
  "message": "Login exitoso",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZFVzZXIiOjcsImVtYWlsIjoiamFuZS5kb2VAZXhhbXBsZS5jb20iLCJyb2xlSWQiOjIsInJvbGVOYW1lIjoiZWRpdG9yIiwiaWF0IjoxNzE5MDAwMDAwLCJleHAiOjE3MTkwMDM2MDB9.abc123",
    "expiresIn": "1h",
    "user": {
      "idUser": 7,
      "full_name": "Jane Doe",
      "email": "jane.doe@example.com",
      "roleId": 2,
      "roleName": "editor"
    },
    "sidebarItems": [
      {
        "idItem": 1,
        "nameItem": "Dashboard",
        "iconItem": "home",
        "route": "/dashboard"
      },
      {
        "idItem": 3,
        "nameItem": "Users",
        "iconItem": "users",
        "route": "/users"
      }
    ],
    "permissions": [
      "GET /api/v1/users",
      "GET /api/v1/users/:id",
      "PUT /api/v1/users/:id"
    ]
  }
}
success
boolean
Always true for successful responses.
message
string
Human-readable confirmation message: "Login exitoso".
data
object
The full authentication payload.

400 Bad Request — Validation Error

Returned when email or password fields are missing or fail type validation enforced by validate.middleware against loginSchema. 
{
  "success": false,
  "message": "El campo 'email' es requerido",
  "data": null
}

401 Unauthorized — Invalid Credentials

Returned when no user exists with the provided email, or the password does not match the stored bcrypt hash. The service throws UnauthorizedError('Credenciales inválidas'). 
{
  "success": false,
  "message": "Credenciales inválidas",
  "data": null
}

JWT Payload

The token is signed with HS256 (default for jsonwebtoken). After verification, the decoded payload contains:
FieldTypeDescription
idUsernumberUser’s primary key
emailstringUser’s email address
roleIdnumberNumeric role ID
roleNamestringRole name string
iatnumberIssued-at timestamp (Unix seconds)
expnumberExpiration timestamp (Unix seconds)

Socket.IO Events

During login the service emits real-time progress events on the auth:login channel:
OrderStatusPayload message
1start"Iniciando autenticación..."
2processing"Verificando credenciales..."
3processing"Cargando permisos y menú..."
4processing"Generando token de sesión..."
5success"Sesión iniciada exitosamente"
// Client-side listener example
socket.on("auth:login", (event) => {
  console.log(event.status, event.message);
  // { status: "success", message: "Sesión iniciada exitosamente" }
});
Store the token value in a secure location (e.g., an httpOnly cookie or a secure in-memory store — avoid localStorage in sensitive applications). Include it in all subsequent protected API requests via the Authorization header:
Authorization: Bearer <token>
Once the token expires (see expiresIn), the user must log in again to obtain a new one.

Build docs developers (and LLMs) love

Get started for freeTalk to us