All authenticated endpoints require a valid JWT token obtained from the login endpoint. Tokens are signed with HS256 and expire after 8 hours.
Login
Obtain a token by submitting valid credentials.
Request body
A valid email address for the account.
Response
Signed JWT to use on subsequent requests.
Email address of the user.
Role of the user. One of admin or technician.
Tokens expire after 8 hours. After expiry, the client must log in again to obtain a new token.
```bash
curl --request POST \
  --url https://your-domain.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "[email protected]",
    "password": "s3cur3p@ss"
  }'
```

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 42,
    "name": "Jane Smith",
    "email": "[email protected]",
    "role": "technician"
  }
}
```
Using the token
Pass the token as a Bearer token in the Authorization header on every authenticated request.
```bash
curl --request GET \
  --url https://your-domain.com/api/auth/me \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
```
Get current user
Returns the profile of the authenticated user.
Requires: Authorization: Bearer <token>
Response
Email address of the user.
Role of the user. One of admin or technician.
```bash
curl --request GET \
  --url https://your-domain.com/api/auth/me \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
```

```json
{
  "user": {
    "id": 42,
    "name": "Jane Smith",
    "email": "[email protected]",
    "role": "technician"
  }
}
```
Get assigned vehicle (technician only)
Returns the active vehicle assignment for the authenticated technician, including vehicle details and maintenance status.
GET /api/technician/assigned-vehicle
Requires: Authorization: Bearer <token> with role technician
Response
Current assignment status. Value is active.
ISO 8601 date when the vehicle was assigned to this technician.
Full vehicle record including fleet information, inspection history, and maintenance records.
Computed maintenance status for the vehicle based on current mileage and maintenance history.
```bash
curl --request GET \
  --url https://your-domain.com/api/technician/assigned-vehicle \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
```

```json
{
  "assignment": {
    "id": 7,
    "status": "active",
    "assignedDate": "2026-03-01T08:00:00.000Z"
  },
  "vehicle": {
    "id": 3,
    "plate": "XYZ-1234",
    "model": "Ford Transit",
    "year": 2022
  },
  "maintenanceStatus": {
    "preventive": "up-to-date",
    "mandatory": "due"
  }
}
```
Error codes
| Status | Message | Description |
|---|---|---|
| 401 | Missing token | The Authorization header was not provided or does not contain a Bearer token. |
| 401 | Invalid token | The token is malformed, has been tampered with, or has expired. |
| 401 | Credenciales invalidas | The email or password supplied to POST /api/auth/login is incorrect. |
| 403 | Forbidden | The authenticated user’s role does not have permission to access the requested endpoint. |
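How a server could map an incoming request to the statuses in the error table, shown as an added example that is not this API's own code. It assumes the token payload carries `exp` (Unix seconds) and `role` claims; the function names, the secret and the sample token are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64d(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, secret, alg="HS256"):
    """Build a compact token for the constructed cases (always HMAC-SHA256)."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def authorize(auth_header, secret, required_role=None, now=None):
    """Return (status, message) using the statuses from the error table."""
    scheme, _, token = (auth_header or "").strip().partition(" ")
    token = token.strip()
    if scheme != "Bearer" or not token:
        return 401, "Missing token"
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token's own header choose it.
        if json.loads(b64d(head)).get("alg") != "HS256":
            return 401, "Invalid token"
        mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64d(sig)):  # constant-time compare
            return 401, "Invalid token"
        claims = json.loads(b64d(body))
        # Assumed claim names: "exp" (Unix seconds) and "role".
        if (time.time() if now is None else now) >= claims["exp"]:
            return 401, "Invalid token"
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, "Invalid token"  # malformed segment, JSON, or claims
    if required_role is not None and claims.get("role") != required_role:
        return 403, "Forbidden"
    return 200, "OK"

if __name__ == "__main__":
    secret, t0 = b"constructed-demo-secret", 1_700_000_000  # constructed values
    tok = sign({"sub": 42, "role": "technician", "exp": t0 + 8 * 3600}, secret)
    print(authorize("Bearer " + tok, secret, "technician", now=t0))
    print(authorize("Bearer " + tok, secret, "admin", now=t0))
    print(authorize("Bearer " + tok, secret, now=t0 + 8 * 3600))
```

The signature is checked before any claim is read, so the role and expiry are only trusted once the HMAC matches.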