
POST /api/auth/login

Validates user credentials and returns a JWT token containing email, roles, and permissions claims.

Authentication

This endpoint is public and does not require authentication.

Request Body

email (string, required)
User’s email address. Must be a valid email format. Example: [email protected]

password (string, required)
User’s password for authentication. Example: password123

Response

token (string)
JWT token containing user claims (email, roles, and permissions). Use this token in the Authorization header for authenticated requests.

Example Request

curl -X POST https://api.example.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "password123"
  }'

Example Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFkbWluQGVtcHJlc2EuY29tIiwicm9sZXMiOlsiQURNSU4iXSwicGVybWlzc2lvbnMiOlsiUkVBRCIsIldSSVRFIl0sImlhdCI6MTUxNjIzOTAyMn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
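
Added example (not part of this API's own code): one way a service that receives the token could verify it before trusting the roles and permissions claims. HS256 is taken from the header of the sample token above; the secret, the function names, the constructed tokens and the optional exp check are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: the real signing key is not on the page

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Constructed stand-in for the login endpoint, so the demo runs offline."""
    header = {"alg": alg, "typ": "JWT"}
    body = ".".join(b64e(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64e(mac(body, secret))

def verify(token, secret=SECRET, now=None):
    """Return the claims only if the token is a valid HS256 JWT."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, sig = json.loads(b64d(head_b64)), b64d(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token's own header choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Recompute the MAC over header.payload and compare in constant time.
    if not hmac.compare_digest(mac(head_b64 + "." + body_b64, secret), sig):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))
    shape = {"email": str, "roles": list, "permissions": list}
    if not isinstance(claims, dict) or not all(isinstance(claims.get(k), t) for k, t in shape.items()):
        raise ValueError("claims missing or wrong type")
    # Assumption: if the issuer sets "exp", enforce it (the sample token carries only "iat").
    exp = claims.get("exp")
    if exp is not None and (now if now is not None else time.time()) >= exp:
        raise ValueError("token expired")
    return claims

def has_permission(token, permission, **kw):
    """Fail closed: any verification error means no access."""
    try:
        return permission in verify(token, **kw)["permissions"]
    except ValueError:
        return False
```
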

Error Responses

401 Unauthorized (object)
Returned when credentials are incorrect or the user account is inactive.
{
  "status": 401,
  "error": "Unauthorized",
  "message": "Credenciales incorrectas o cuenta inactiva"
}

400 Bad Request (object)
Returned when the request body validation fails.
{
  "status": 400,
  "error": "Bad Request",
  "message": "El email es obligatorio",
  "errors": [
    {
      "field": "email",
      "message": "El email es obligatorio"
    }
  ]
}

Status Codes

Code  Description
200   Login successful, JWT token returned
400   Invalid request body or validation error
401   Invalid credentials or inactive account
