The Auth API handles user authentication and session management for PermisosQR. It exposes three endpoints: a login route that issues a JWT, a session-inspect route that decodes the current token and returns fresh user data, and a one-time setup route that seeds the very first Super Admin account when the database is empty. All other API routes require the JWT produced by POST /api/auth/login.
POST /api/auth/login
Authenticates a user with their email and password. On success, returns a signed JWT and a summary of the authenticated user object. The token must be sent as a Bearer token in the Authorization header on every protected request.
Auth required: None
email: The user's registered email address.
password: The user's plaintext password. Compared against the stored bcrypt hash.
| Status | Condition |
|---|---|
| 400 | email or password field is missing from the request body |
| 401 | Credentials do not match any user record |
| 403 | User account exists but is_active is false |
GET /api/auth/me
Returns the full profile of the currently authenticated user by decoding the Bearer token and re-querying the database. Useful for bootstrapping the frontend session after a page refresh. On success the response is 200 with the user profile.
Auth required: Bearer token

| Status | Condition |
|---|---|
| 401 | Authorization header is absent, malformed, or the token has expired |
The response from GET /api/auth/me reflects the live database state: the handler re-reads the user record on every call rather than trusting the claims in the token. If an admin deactivates the account between requests, the user's is_active field will read false on the next call to this endpoint.

POST /api/auth/setup
A one-time bootstrapping endpoint used to create the very first Super Admin account. The request is rejected with an error once any user record exists in the database, so the endpoint can remain enabled in production without opening an account-takeover path.
Auth required: None
Display name for the initial Super Admin.
Email address for the initial Super Admin account.
Plaintext password. Stored as a bcrypt hash. Minimum 6 characters.
| Status | Condition |
|---|---|
| 400 | One or more required fields are missing, or password is shorter than 6 characters |
| 403 | At least one user record already exists: setup is disabled |