QA Flow uses JSON Web Tokens (JWT) for stateless authentication. There are three authentication endpoints: one to register a new account, one to exchange credentials for a token, and one to retrieve the profile of the currently logged-in user. Every other endpoint in the API requires a valid token passed in theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/davidG97/qa-flow/llms.txt
Use this file to discover all available pages before exploring further.
Authorization: Bearer <token> header.
POST /api/auth/register
Register a new user account. On success, the newly created user object is returned along with a JWT so the client can begin making authenticated requests immediately. Authentication required: NoRequest Body
A valid, unique email address for the new account.
The account password. Stored as a bcrypt hash — never in plaintext.
An optional display name for the user.
Response
UUID of the newly created user.
The registered email address.
The user’s display name, or
null if not provided.Role assigned to the user. New accounts default to
USER. Possible values: USER, ADMIN.A signed JWT for immediate use in authenticated requests.
POST /api/auth/login
Authenticate with an email and password. Returns a JWT and a user summary object. Use the returnedtoken value as the Bearer token for all subsequent authenticated requests.
Authentication required: No
Request Body
The email address of the account to authenticate.
The account password.
Response
A signed JWT. Include this in the
Authorization: Bearer <token> header for all authenticated requests.A summary of the authenticated user.
If credentials are invalid or the account does not exist, the API returns
401 Unauthorized with { "error": "Error de inicio de sesión" }. Both missing fields and incorrect passwords surface as a 401 to avoid user enumeration.GET /api/auth/me
Retrieve the full profile of the currently authenticated user. This endpoint is useful for hydrating UI state on application load or verifying that a stored token is still valid. Authentication required: Yes (Bearer token)Response
UUID of the authenticated user.
The user’s registered email address.
The user’s display name, or
null if not set.The user’s role:
USER or ADMIN.ISO 8601 timestamp of when the account was created.
- 404 Not Found