Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/davidG97/qa-flow/llms.txt

Use this file to discover all available pages before exploring further.

QA Flow uses JSON Web Tokens (JWT) for stateless authentication. There are three authentication endpoints: one to register a new account, one to exchange credentials for a token, and one to retrieve the profile of the currently logged-in user. Every other endpoint in the API requires a valid token passed in the Authorization: Bearer <token> header.

POST /api/auth/register

Register a new user account. On success, the newly created user object is returned along with a JWT so the client can begin making authenticated requests immediately. Authentication required: No

Request Body

email
string
required
A valid, unique email address for the new account.
password
string
required
The account password. Stored as a bcrypt hash — never in plaintext.
name
string
An optional display name for the user.

Response

id
string
UUID of the newly created user.
email
string
The registered email address.
name
string | null
The user’s display name, or null if not provided.
role
string
Role assigned to the user. New accounts default to USER. Possible values: USER, ADMIN.
token
string
A signed JWT for immediate use in authenticated requests.
curl -X POST http://localhost:3001/api/auth/register \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "jane@example.com",
    "password": "s3cur3p@ss",
    "name": "Jane Doe"
  }'
If email or password is missing from the body, the API returns 400 Bad Request with { "error": "Email y contraseña son obligatorios" }. If the email address is already registered, a 400 error is also returned.

POST /api/auth/login

Authenticate with an email and password. Returns a JWT and a user summary object. Use the returned token value as the Bearer token for all subsequent authenticated requests. Authentication required: No

Request Body

email
string
required
The email address of the account to authenticate.
password
string
required
The account password.

Response

token
string
A signed JWT. Include this in the Authorization: Bearer <token> header for all authenticated requests.
user
object
A summary of the authenticated user.
curl -X POST http://localhost:3001/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "admin@qaflow.com",
    "password": "admin123"
  }'
If credentials are invalid or the account does not exist, the API returns 401 Unauthorized with { "error": "Error de inicio de sesión" }. Both missing fields and incorrect passwords surface as a 401 to avoid user enumeration.

GET /api/auth/me

Retrieve the full profile of the currently authenticated user. This endpoint is useful for hydrating UI state on application load or verifying that a stored token is still valid. Authentication required: Yes (Bearer token)

Response

id
string
UUID of the authenticated user.
email
string
The user’s registered email address.
name
string | null
The user’s display name, or null if not set.
role
string
The user’s role: USER or ADMIN.
createdAt
string
ISO 8601 timestamp of when the account was created.
curl http://localhost:3001/api/auth/me \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
Returned when the Authorization header is missing or the token is invalid/expired.
{ "error": "No autorizado: token requerido" }
or
{ "error": "No autorizado: token inválido o expirado" }

Build docs developers (and LLMs) love