POST /api/v1/auth/login

Authenticates a user with email and password. On success, sets accessToken and refreshToken as HTTP-only cookies. The response body does not contain the tokens directly.

Request

Body parameters

email (string, required): The user's email address.
password (string, required): The user's password.

Response

success (boolean): Whether the request succeeded.
message (string): Confirmation message: "Login successful, tokens set in cookies".

Cookies set

On a successful login, the server sets the following HTTP-only cookies:

| Cookie | Description |
| --- | --- |
| accessToken | Short-lived JWT for authenticating requests. Expires according to expiresIn. |
| refreshToken | Long-lived token for obtaining new access tokens. Expires after 7 days. |

Both cookies are set with HttpOnly, SameSite=Strict, and Secure (in production).
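
A check for the cookie policy stated above, as an added example that is not part of the auth-backend project: it parses the Set-Cookie headers of a login response and reports any cookie that lacks the documented attributes. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers from POST /api/v1/auth/login.
const REQUIRED = ["accessToken", "refreshToken"];
const SEVEN_DAYS = 7 * 24 * 60 * 60; // refreshToken lifetime stated in the docs, in seconds

// Parse one Set-Cookie header value into { name, value, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return a list of findings; an empty list means the headers match the documented policy.
function auditLoginCookies(headers, { production = true } = {}) {
  const cookies = new Map(headers.map(parseSetCookie).map((c) => [c.name, c]));
  const findings = [];
  for (const name of REQUIRED) {
    const c = cookies.get(name);
    if (!c) { findings.push(`${name}: cookie not set`); continue; }
    if (c.attrs.httponly !== true) findings.push(`${name}: missing HttpOnly`);
    if (String(c.attrs.samesite).toLowerCase() !== "strict") findings.push(`${name}: SameSite is not Strict`);
    if (production && c.attrs.secure !== true) findings.push(`${name}: missing Secure`);
  }
  // Max-Age is only checked when present; a missing value yields NaN and no finding.
  const maxAge = Number(cookies.get("refreshToken")?.attrs["max-age"]);
  if (maxAge > SEVEN_DAYS) findings.push("refreshToken: Max-Age exceeds 7 days");
  return findings;
}

// Constructed sample headers (token values are placeholders, not real JWTs).
const good = [
  "accessToken=PLACEHOLDER; Path=/; HttpOnly; Secure; SameSite=Strict",
  "refreshToken=PLACEHOLDER; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Strict",
];
const bad = [
  "accessToken=PLACEHOLDER; Path=/; SameSite=Lax",
  "refreshToken=PLACEHOLDER; Max-Age=2592000; Path=/; HttpOnly; Secure; SameSite=Strict",
];
console.log(auditLoginCookies(good));
console.log(auditLoginCookies(bad));
```

Pass `{ production: false }` when auditing a non-production deployment, where the page says Secure is not set.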

Examples

curl --request POST \
  --url https://your-api.example.com/api/v1/auth/login \
  --header 'Content-Type: application/json' \
  --cookie-jar cookies.txt \
  --data '{
    "email": "user@example.com",
    "password": "Passw0rd"
  }'

Success response (200)

{
  "success": true,
  "message": "Login successful, tokens set in cookies"
}

Tokens are not returned in the response body. They are stored in HTTP-only cookies, which are sent automatically by the browser on subsequent requests. Include credentials: 'include' in your fetch calls to ensure cookies are sent.

Errors

| HTTP status | Code | Description |
| --- | --- | --- |
| 400 | VALIDATION_ERROR | The request body is missing required fields or contains an invalid email format. |
| 401 | UNAUTHORIZED | The email or password is incorrect. |