Every protected endpoint in Clinica requires a valid JWT token. You get that token by registering an account and then logging in. Once you have the token, you include it in every request using the Authorization header. Tokens are valid for 1 day from the moment they are issued.

Register an account

Send a POST request to /api/auth/register with your email and password. If the email is not already taken, you’ll receive your user id and email back.
curl -X POST http://localhost:3000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "patient@example.com", "password": "mypassword"}'
Response
{
  "id": 42,
  "email": "patient@example.com"
}
If the email is already registered, the API returns an error:
{ "error": "Email already exists" }

Log in

Send a POST request to /api/auth/login with the same credentials. You’ll receive a JWT token that you’ll use in all subsequent requests.
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "patient@example.com", "password": "mypassword"}'
Response
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
The token encodes your user ID, email, and role. It expires after 24 hours, after which you’ll need to log in again to get a new one.

Use the token in requests

Include the token in the Authorization header as a Bearer token on every request to a protected endpoint:
curl http://localhost:3000/api/bookings/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
The header value must follow the format Bearer <token> — note the space between Bearer and the token string.

Error responses

| Status | Error message | Meaning |
| --- | --- | --- |
| 401 | Token required | The Authorization header was missing from the request. |
| 401 | Invalid token | The token is malformed, has been tampered with, or has expired. |
| 403 | Forbidden | Your account role does not have permission to access that endpoint. |
Tokens are stateless: there is no server-side session to invalidate, so a compromised token stays usable until it expires. If your token is compromised before it expires, log in again with your credentials to obtain a new token.
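
The sketch below shows how a server can arrive at each error response in the table when checking an HS256 Bearer token. It is an added example, not Clinica's own code; the claim names (`id`, `email`, `role`, `exp`), the role values, the secret and the `sign`/`authorize` helpers are assumptions made for illustration.

```javascript
// Added example: HS256 verification mapped to the documented error responses.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical helper so the example can mint its own sample tokens.
function sign(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Returns { status, error } on failure or { status: 200, user } on success.
function authorize(authHeader, secret, allowedRoles, now = Date.now()) {
  if (!authHeader) return { status: 401, error: 'Token required' };
  const invalid = { status: 401, error: 'Invalid token' };
  // Exactly "Bearer", one space, then three base64url segments.
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader);
  if (!m) return invalid;
  const [, head, body, sig] = m;
  try {
    // Pin the algorithm: never let the token header choose how it is verified.
    const alg = JSON.parse(Buffer.from(head, 'base64url').toString()).alg;
    if (alg !== 'HS256') return invalid;
    const expected = hmac(secret, `${head}.${body}`);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; the length check avoids a throw on mismatch.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return invalid;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    // exp is in seconds since the epoch; a token without exp is rejected too.
    if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) return invalid;
    if (!allowedRoles.includes(claims.role)) return { status: 403, error: 'Forbidden' };
    return { status: 200, user: claims };
  } catch {
    return invalid; // header or payload was not valid JSON
  }
}

// Constructed sample data (not real credentials or real Clinica claims).
const SECRET = 'example-secret-not-for-production';
const NOW = 1_700_000_000_000; // fixed clock in milliseconds
const DAY = 24 * 60 * 60; // token lifetime in seconds
const token = sign({ id: 42, email: 'patient@example.com', role: 'patient', exp: NOW / 1000 + DAY }, SECRET);
```

Role checks run only after the signature and expiry checks pass, so a forged `role` claim yields 401 rather than 403.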
