The /api/auth/login endpoint validates a user’s credentials and returns a signed JWT token. This token must be included in the Authorization header of all subsequent requests to protected endpoints. Tokens are valid for 24 hours (86,400,000 ms); once expired, you must call this endpoint again to obtain a new one.

Endpoint

POST /api/auth/login
Authentication: None required — this is a public endpoint.
Content-Type: application/json

Request body

  • email (string, required): The user’s registered email address.
  • password (string, required): The user’s plain-text password. Always transmit over HTTPS.

Example request

{
  "email": "coord@gmail.com",
  "password": "coord123"
}

curl --request POST \
  --url https://your-api-host/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "coord@gmail.com",
    "password": "coord123"
  }'

Response

200 OK

Returns a JwtResponse object containing the signed token and the authenticated user’s identity.

  • token (string): The signed JWT token. Include this in all subsequent requests as Authorization: Bearer <token>. The token encodes the user’s email and roles, and expires after 24 hours.
  • email (string): The email address of the authenticated user.
  • roles (string[]): List of role names assigned to the user, each prefixed with ROLE_. For example: ["ROLE_COORDINADOR"]. These roles control access to protected endpoints.

Example success response

{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjb29yZEBnbWFpbC5jb20iLCJyb2xlcyI6WyJDT09SRElOQURPUiJdLCJpYXQiOjE3MDAwMDAwMDAsImV4cCI6MTcwMDA4NjQwMH0.example",
  "email": "coord@gmail.com",
  "roles": ["ROLE_COORDINADOR"]
}

Using the token

Include the token in the Authorization header for every request to a protected endpoint:

curl --request GET \
  --url https://your-api-host/api/cursos \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...'

Key details about token usage:
  • Header format: Authorization: Bearer <token>
  • Expiry: Tokens expire after 24 hours (86,400,000 ms). Call /api/auth/login again to get a fresh token.
  • Role enforcement: The roles embedded in the token determine which endpoints you can access. Attempting to reach an endpoint that requires a higher role returns 403 Forbidden.

Store the JWT token securely. Do not persist it in localStorage in browser environments — prefer sessionStorage or an in-memory store to reduce XSS exposure. In server-side or mobile contexts, use a secure secrets store or the platform’s secure storage API. Never log or expose the token in client-side error messages.
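
The in-memory storage and 24-hour expiry described above can be combined in a small client-side holder. This is an added example, not PlataformaEduca code: it keeps the token in a closure and reads the exp claim to decide when to call /api/auth/login again. The names createSession, isFresh and the login callback are assumptions made for illustration.

```javascript
// Added example, not PlataformaEduca code. createSession, isFresh and the
// login callback are hypothetical names chosen for illustration.

// Decode the JWT payload WITHOUT verifying the signature. Use the result only
// to schedule re-login; access control is enforced by the server.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// True while the token is usable. skewMs is a safety margin so a request is
// not sent with a token that expires in flight.
function isFresh(token, nowMs, skewMs = 60000) {
  if (!token) return false;
  try {
    const { exp } = decodeJwtPayload(token);
    return typeof exp === 'number' && exp * 1000 - skewMs > nowMs;
  } catch {
    return false; // malformed token: force a new login
  }
}

// Keeps the token in a closure: nothing is written to localStorage,
// sessionStorage, cookies or logs. login() must resolve to a JwtResponse.
function createSession(login, now = Date.now) {
  let token = null;
  return {
    async authHeader() {
      if (!isFresh(token, now())) {
        const res = await login();
        if (!res || typeof res.token !== 'string') throw new Error('login failed');
        token = res.token;
      }
      return { Authorization: `Bearer ${token}` };
    },
    clear() { token = null; }, // call on logout or after a 401
  };
}

// Browser wiring (assumed): login posts the credentials over HTTPS.
// const login = () => fetch('https://your-api-host/api/auth/login', {
//   method: 'POST', headers: { 'Content-Type': 'application/json' },
//   body: JSON.stringify({ email, password }) })
//   .then((r) => (r.ok ? r.json() : Promise.reject(new Error('HTTP ' + r.status))));
```

Because the token lives only in memory, a page reload discards it and the next authHeader() call logs in again.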

Error responses

Status | Cause
401 Unauthorized | Invalid email or password. Spring Security returns a 401 with no body or a standard error response.
403 Forbidden | The token is valid but the user’s role does not have permission to access the requested endpoint.

Test accounts

The following seeded accounts are available for development and testing:

Email | Password | Role
admin@gmail.com | admin123 | ADMIN
coord@gmail.com | coord123 | COORDINADOR
profe@gmail.com | profe123 | DOCENTE
alumno@gmail.com | alumno123 | ESTUDIANTE
