SolSQL API uses a credential-based login flow. You send an email address, a plaintext password, and a role identifier to a single endpoint. The API verifies the password against a BCrypt hash stored in the database and returns the matching user record. There are no tokens — your client application is responsible for persisting the user object and managing session state.

Login endpoint

POST /api/LoginRequest/login

1. Send the login request

Post a JSON body containing Email, Password, and Role.
{
  "Email": "[email protected]",
  "Password": "plaintextpassword",
  "Role": 1
}

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| Email | string | Yes | The user’s registered email address |
| Password | string | Yes | The user’s plaintext password (verified against a BCrypt hash) |
| Role | integer | Yes | 1 for a standard user, 2 for an admin |

2. Receive the user object

On success, the API returns 200 OK with the user object. The Password field is cleared before the response is sent — it will always be null.
{
  "Id": 42,
  "Name": "Jane Smith",
  "Email": "[email protected]",
  "Password": null,
  "Role": 1
}

3. Store session state in your client

Persist the returned user object (for example, in localStorage, a cookie, or application state) so you can identify the current user in subsequent requests.

Roles

Role values are integers passed in the Role field. Based on the source code, 1 represents a standard user and 2 represents an admin. The API enforces that the Role in the request matches the role stored for that user’s account; a mismatch returns 401 Unauthorized.

| Value | Role |
| --- | --- |
| 1 | User |
| 2 | Admin |

Password verification

The API uses BCrypt.Net to verify passwords. When you call the login endpoint:
  1. The API calls the sp_login stored procedure with your email and role to fetch the matching user record.
  2. It compares your plaintext Password against the BCrypt hash stored in the database using BCrypt.Verify.
  3. If the hash does not match, the API returns 401 Unauthorized with "Invalid credentials".
You never need to hash passwords on the client — always send the plaintext password over HTTPS.

curl example

curl -X POST "https://<host>/api/LoginRequest/login" \
  -H "Content-Type: application/json" \
  -d '{
    "Email": "[email protected]",
    "Password": "plaintextpassword",
    "Role": 1
  }'

Error responses

| HTTP status | Condition |
| --- | --- |
| 200 OK | Credentials and role are valid; user object returned |
| 401 Unauthorized | User not found, role mismatch, or incorrect password |
| 500 Internal Server Error | Database or unexpected server error |

A 401 Unauthorized response body includes a message field describing the reason:
{ "message": "User not found" }
{ "message": "Invalid role" }
{ "message": "Invalid credentials" }
SolSQL API does not issue JWT tokens or any bearer token. The login response is the raw user object. Your client application must handle session persistence — for example, storing the user’s Id and Role locally and clearing them on logout. Do not assume that subsequent API calls are automatically authenticated.

Security recommendations

Always call the login endpoint over HTTPS in production. The Password field is sent as plaintext in the request body, so TLS is the only protection against credential interception in transit.
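
The login flow above from the client's side, as an added example that is not SolSQL's own code: it refuses non-HTTPS URLs, copies only the identifying fields out of the response before anything is stored, and shows one generic message for every 401 reason. The function names and the session shape are assumptions.

```javascript
// Added example (not SolSQL's code). Function names and the session shape
// are assumptions; the endpoint, fields and status codes come from this page.
const VALID_ROLES = [1, 2]; // 1 = user, 2 = admin, per the Roles table

// Build the request, refusing to put a plaintext password on a non-TLS URL.
function buildLoginRequest(baseUrl, email, password, role) {
  const url = new URL("/api/LoginRequest/login", baseUrl);
  if (url.protocol !== "https:") {
    throw new Error("login must be sent over HTTPS");
  }
  if (!VALID_ROLES.includes(role)) {
    throw new Error("Role must be 1 (user) or 2 (admin)");
  }
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ Email: email, Password: password, Role: role }),
    },
  };
}

// Map the documented status codes to a result the UI can act on.
function interpretLoginResponse(status, body) {
  if (status === 200 && body && Number.isInteger(body.Id)) {
    // Copy only the identifying fields; the Password key is never persisted.
    const { Id, Name, Email, Role } = body;
    return { ok: true, session: { Id, Name, Email, Role } };
  }
  if (status === 401) {
    // Same text for every 401 reason; the API's message is kept for logs only.
    const detail = body && body.message ? body.message : null;
    return { ok: false, userMessage: "Invalid email, password or role", detail };
  }
  return { ok: false, userMessage: "Login is temporarily unavailable", detail: null };
}

// Network wrapper; fetchImpl is injectable so the logic above runs offline.
async function login(baseUrl, email, password, role, fetchImpl = fetch) {
  const { url, init } = buildLoginRequest(baseUrl, email, password, role);
  const res = await fetchImpl(url, init);
  const body = await res.json().catch(() => null);
  return interpretLoginResponse(res.status, body);
}
```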
